Abstract: Disclosed is an electronic apparatus including: a first storage stored with a first code; a second storage; and a processor configured to: read the first code from the first storage and store the read first code in a secured area of the second storage, compare the first code stored in the secured area with a second code obtained from an outside, and based on matching between the first code stored in the secured area and the second code, control an operation to be performed.
Abstract: The invention discloses a sequential encryption method based on multi-key stream ciphers, comprising the following steps of: acquiring plaintext data, and storing the acquired plaintext data in the form of a circular linked list; storing a plurality of key sequences in the form of a circular linked list, respectively; performing a bitwise operation on the key sequences according to a specified starting bit to generate a stream random sequence; and, reconstructing the plaintext data according to the stream random sequence to generate encrypted ciphertext data. The method of the invention is simple in encryption and decryption, difficult to decipher, easy to implement by a computer without auxiliary hardware devices, fast in encryption and decryption speed, strong in the diffusion property of the generated ciphertext, and good in anti-interception performance and the like.
Abstract: The subject of the invention is a symmetric key stream cipher cryptographic method for encrypting plaintexts and decrypting ciphertexts during which process a text to be encrypted or an encrypted text is scanned with an input/output data buffer (5), a pseudo random number is created with a pseudo random number generator (8) with a seed (12), a key automaton (11) is used for encryption and/or decryption. It is characterized in that the procedure involves the method whereby using the characters of the text scanned by the input/output data buffer (5) and the pseudo random number generated by the pseudo random number generator (8), an element of the key automaton's (11) transition matrix is directly reached from the input/output data buffer (5); the procedure is then repeated. A symmetric key stream cipher cryptographic device for implementing the method of claim 1 is also the subject of the invention.
Abstract: A digital security bubble encapsulation is disclosed. A public key and a device identifier of at least one recipient is requested from a first server. A message containing one or more components is encrypted using a symmetric key. The symmetric key is encrypted with a public key received in response to the request. The encrypted message, the encrypted symmetric key, and the device identifier are encapsulated in a digital security bubble encapsulation. The digital security bubble encapsulation is transmitted to a second server.
Type: Grant
Filed: January 23, 2020
Date of Patent: October 26, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Christopher A. Howell, Robert Statica, Kara Lynn Coppa
Abstract: Electronic data can be conveyed. A processor of a first intermediate device can receive a first file. The processor can decrypt the first file to produce a second file. The second file can include a third file and an identification. The identification can be for a destination device. The third file can include the electronic data. The third file can be encrypted with respect to the first intermediate device. The processor can determine, based on the identification, a second intermediate device. The second intermediate device can be different from the destination device. The processor can produce a fourth file. The fourth file can include the third file and the identification. The processor can encrypt the fourth file to produce a fifth file. The processor can convey, to the second intermediate device, the fifth file.
Abstract: A method of transferring files in a data-processing network using a current node within the network includes reading an outbound content and outbound characteristics of an outbound file. An outbound message is created having outbound strings including a first set of the outbound strings representing the outbound characteristics and a second set of the outbound strings representing the outbound content. The outbound message is sent to a receiver node within the network. An inbound message is received from a sender node within the network. The inbound message has inbound strings including a first set of the inbound strings representing inbound characteristics and a second set of the inbound strings representing inbound content. An inbound file having the inbound content is stored, and the inbound characteristics are applied to the inbound file.
Type: Grant
Filed: November 30, 2019
Date of Patent: October 19, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Vincenzo Dentamaro, Francesco Sardella, Mario Somma
Abstract: A blockchain of transactions may be referenced for various purposes and may be later accessed for ledger verification. One example operation may include one or more of identifying a plurality of rules defining a temporary private blockchain, creating a private blockchain block comprising the plurality of rules defining the temporary private blockchain, transmitting an update to a private blockchain block, and designating the temporary private blockchain closed responsive to receiving the update.
Type: Grant
Filed: May 2, 2019
Date of Patent: September 28, 2021
Assignee: International Business Machines Corporation
Abstract: In one embodiment, an apparatus includes: a memory encryption circuit to encrypt data from a protected device, the data to be stored to a memory; and a filter circuit coupled to the memory encryption circuit, the filter circuit including a plurality of filter entries, each filter entry to store a channel identifier corresponding to a protected device, an access control policy for the protected device, and a session encryption key provided by an enclave, the enclave permitted to access the data according to the access control policy, where the filter circuit is to receive the session encryption key from the enclave in response to validation of the enclave. Other embodiments are described and claimed.
Type: Grant
Filed: August 27, 2018
Date of Patent: September 21, 2021
Assignee: Intel Corporation
Inventors: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin
Abstract: A client updates a display of a user interface associated with a state-based client-server application in accordance with a client-side cache. The server supplies data for a new state and additional data for one or more subsequent states that possibly follow the new state if appropriate one or more operations are performed. When a client request is generated that indicates an operation that causes the application to transition to the new state, the client updates the display in accordance with the data that corresponds to the new state from the client-side cache, if available from the client-side cache. The new state data is available since the server has previously supplied the new state data.
Type: Grant
Filed: July 22, 2019
Date of Patent: September 14, 2021
Assignee: Versata Development Group, Inc.
Inventors: Jude Arvind Britto, Rajasekhar Vinnakota, David Franke, Douglas Stuart Gray, Deepti Gupta
Abstract: In an example, a network device is configured to generate a first public-private key pair. The network device is configured to receive, over an electronic network, public keys of two or more second public-private key pairs. The network device is configured to generate a digital currency address using the public keys of the two or more second public-private key pairs and a public key of the first public-private key pair.
Abstract: A decryption method includes: receiving a homomorphic ciphertext; and obtaining a result value added an error value at a message from the received homomorphic ciphertext. The error is disposed on the least significant bit (LSB) side in the homogeneous ciphertext, and the message is disposed at a position adjacent to the error.
Type: Grant
Filed: April 22, 2020
Date of Patent: September 7, 2021
Assignee: Crypto Lab Inc.
Inventors: Jung Hee Cheon, Duhyeong Kim, Yongsoo Song, Kyoohyung Han
Abstract: A method for quantum key output is disclosed. The method can be implemented by a first quantum key management device. The method can comprise acquiring a first quantum key from a first quantum key distribution device, according to the obtained first key acquisition request, and storing the acquired first quantum key in a first management device address range in a first storage media, the first management device address range having the same address range indicator as a second management device address range in a second storage media for storing a corresponding second quantum key acquired by a second quantum key management device, wherein the address range indicator is one of a pair of head address and a tail address, a head address and a range length, or a head address and a length of one of the first quantum key or the second quantum key.
Abstract: An electronic device is provided. The electronic device includes a controller, configured to receive an input image signal captured by a camera device, perform a codec process on the input image signal to generate a processed file. The controller is further configured to perform privacy detection on the input image signal or the processed file. In response to the input image signal or the processed file being detected to include privacy information, the controller is further configured to encrypt the processed file to generate an encrypted file.
Abstract: A device implementing an adaptive assembly guidance system includes an image sensor and a processor configured to capture, using the image sensor, an image of a set of connectable components. The processor is further configured to process the captured image to detect individual connectable components of the set of connectable components and to detect a current configuration of the set of connectable components. The processor is further configured to determine, based at least in part on the detected individual connectable components of the set of connectable components, a recommended configuration of the set of connectable components. The processor is further configured to display information for assembling the set of connectable components into the recommended configuration from the current configuration.
Type: Grant
Filed: July 6, 2017
Date of Patent: August 31, 2021
Assignee: Apple Inc.
Inventors: Tyler L. Casella, Edwin W. Foo, Norman N. Wang, Ken Wakasa
Abstract: An encryption system and method that addresses private computation in public clouds and provides the ability to perform operations of encrypted data are provided.
Type: Grant
Filed: May 1, 2019
Date of Patent: August 24, 2021
Assignee: BAFFLE, INC.
Inventors: Priyadarshan Kolte, Spence Jackson, Palanivel Rajan Shanmugavelayutham, Mihir Bellare
Abstract: An encryption method of a terminal device includes: setting a scaling factor; and reflecting the scaling factor in a message to be encrypted, and performing encryption using a public key to generate a homomorphic ciphertext. The homomorphic encryption is, based on a decryption being performed, in a form that a result value obtained by adding an error value to a value obtained by reflecting the scaling factor in the message is restored.
Type: Grant
Filed: January 27, 2020
Date of Patent: August 24, 2021
Assignee: Crypto Lab Inc.
Inventors: Jung Hee Cheon, Duhyeong Kim, Yongsoo Song, Kyoohyung Han
Abstract: A method and system for automating application of software patches to a server system having a virtualization layer. A plurality of software patches are downloaded to a computer system having a first operating system. The software patches to apply to a server console operating system are then determined. The software patches are automatically copied to the server system by executing a first script file. The copied software patches are automatically decompressed by executing a second script file. The decompressed software patches are installed in a specified order by executing the second script file. The console operating system is rebooted only after all software patches are installed.
Abstract: Examples described herein generally relate to a computer device including a memory, and at least one processor configured to determine whether to allow execution of an application file on the computer device. The processor receives a command to execute a file. The processor determines whether the file is associated with a package reputation of an installation package. The processor determines a file reputation of the file. The processor determines whether to allow execution of the file based on a combination of the file reputation of the file and whether the file is associated with the good package reputation.
Type: Grant
Filed: December 4, 2017
Date of Patent: August 10, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Md. Nazmus Sakib, Thomas Walter Caldwell, III, Jeffrey Sutherland, Deskin Miller, Scott Anderson, Deepak Jagannathan Manohar, Adrian Marinescu
Abstract: A wireless communication device such as a payment reader has a wireless communication interface and is able to establish wireless pairing with an interactive electronic device such as a merchant device running a point of sale application. In order to establish pairing, the wireless communication device accesses a passkey and encrypts the passkey. The encrypted passkey is transmitted to the interactive electronic device via the wireless communication interface, and the interactive electronic device sends the encrypted passkey to a pairing server. The pairing server decrypts the encrypted passkey and sends the decrypted passkey back to the interactive electronic device via a secure connection. The wireless communication device and the interactive electronic device establish wireless pairing based on the passkey and the decrypted passkey.
Type: Grant
Filed: September 24, 2015
Date of Patent: August 10, 2021
Assignee: Square, Inc.
Inventors: Afshin Rezayee, Malcolm Smith, Sergei Mosends, Michael Wells White, Ovidiu I Bota, Max Guise, Andrew John Leiserson
Abstract: Examples relate to identifying signatures for data sets. In one example, a computing device may: for each of a plurality of first data sets, obtain a data set signature; generate a first data structure for storing each data set signature that is distinct from each other data set signature; for each of a plurality of second data sets, obtain at least one data subset; generate a second data structure for storing each data subset; remove, from the first data structure, each data set signature that matches a data subset included in the second data structure; and for each data set signature removed from the first data structure, identify each first data set from which the data set signature was obtained; and for each identified first data set, obtain a new data set signature.
Type: Grant
Filed: May 24, 2018
Date of Patent: August 3, 2021
Assignee: Trend Micro Incorporated
Inventors: Josiah Dede Hagen, Jonathan Edward Andersson
Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted to generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.
Abstract: A single architected instruction to produce a signature for a message is executed. The executing includes determining an encrypted sign function of a plurality of encrypted sign functions supported by the instruction to be performed and obtaining input for the instruction. The input includes a message and an encrypted cryptographic key. Based on the encrypted sign function to be performed and the input, a signature to be used to verify the message is produced.
Type: Grant
Filed: February 15, 2019
Date of Patent: July 27, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Eric M. Schwarz, Jonathan D. Bradbury, Edward T. Malley, Christian Jacobi
Abstract: An information processing device includes a storage unit, a controller, a storage processor, and a transmitter. When communication with a log management server is unavailable, the controller causes a log of an operation of storing or retrieving data with respect to a storage area on a network to be stored in the storage unit in association with the data. In a case in which the data stored in the storage unit is stored in the storage area and the log associated with the data exists, the storage processor performs a process of storing the log in the storage area in association with the data. In a case in which communication with the log management server is available and a log is stored in association with data in the storage unit, the transmitter transmits the log to the log management server.
Type: Grant
Filed: October 3, 2019
Date of Patent: July 13, 2021
Assignee: FUJIFILM Business Innovation Corp.
Inventors: Koji Bito, Kosuke Kikushima, Naoto Kashiwagi
Abstract: A system for random number generation includes a laser pulse driver; a laser diode emitting laser pulses; a fiber-optic unbalanced interferometer transforming laser radiation phase noise into amplitude modulation; an optical circulator/isolator that is used to prevent unwanted feedback into a laser cavity; a photodetector that detects the laser pulses from the interferometer; a digitizer that digitizes an output of the photodetector; a statistics control (SC) block that is used to calculate the probability density of the photodetector's output and to define a parameter ? that is related to a classical-to-quantum noise ratio and allows estimating random operation and providing attack resistance of the system; and a processor that receives the digitized output from the digitizer and outputs a true random bit sequence.
Type: Grant
Filed: August 14, 2019
Date of Patent: July 6, 2021
Assignee: QRATE LLC
Inventors: Vladimir Leonidovich Kurochkin, Roman Pavlovich Ermakov, Vladimir Vladimirovich Zavodilenko, Anton Vadimovich Losev, Alexander Victorovich Udaltsov, Violetta Vladimirovna Sharoglazova, Roman Alexeevich Shakhovoy, Yury Vladimirovich Kurochkin
Abstract: A method for displaying a graphic object, which is generated by a remote server in a local window, which is displayed on a display device, the local terminal communicating with the server via a proxy gateway for the remote office protocol, the gateway establishing a connection between the terminal and the server, the connection comprising a primary connection, which is established between the local terminal and the proxy gateway of the remote application type, and a secondary connection, which is established between the proxy gateway and the remote server, comprises a step of detecting the type of secondary connection and a step, carried out by the proxy gateway, of converting data, which are from the remote server, and which relate to a local window of the office type, into data, which are intended for the local terminal and which relate to a local window of the application type.
Abstract: A transmitting apparatus, a receiving apparatus, and a method of signal processing are provided. The transmitting apparatus includes at least one processor configured to implement: a packet generator which generates a packet including a header and a payload, based on an input stream; and a signal processor which signal-processes the generated packet. The header includes a base header, and the base header includes various fields indicating at least one of a packet type, and a value indicating that the packet transmits one single complete input packet, a segment of an input packet, or a plurality of input packets. The fields included in the base header may also indicate presence of an additional header and a substream identifier.
Abstract: Method and system for executing a one-time program comprising at least one instruction operating on at least one input value (a, b) and returning at least one output value (O), wherein each instruction of the one-time program is encoded onto a state of an elementary quantum system, comprising: encoding the at least one input value (a, b) onto a quantum gate according to a pre-defined input-encoding scheme; applying the quantum gate to the at least one elementary quantum system; making a measurement of a resulting state of the at least one elementary quantum system after the quantum gate; and determining the at least one output value from a result of the measurement.
Type: Grant
Filed: March 30, 2017
Date of Patent: July 6, 2021
Assignees: UNIVERSITÄT WIEN, SINGAPORE UNIVERSITY OF TECHNOLOGY AND DESIGN
Inventors: Marie-Christine Röhsner, Philip Walther, Tiago Barbin Batalhao, Joshua Alexander Kettlewell, Joseph Fitzsimons
Abstract: Provided are mechanisms and processes for computational risk analysis and intermediation. Security practices information characterizing security measures in place at a first computing system may be received from the first computing system via a network. Computing services interaction information characterizing data transmitted from a second computing system to the first computing system may be received from the second computing system via the network. A processor may determine a risk profile for the first computing system based on the security practices information. Based on the risk profile and the computing services interaction information, the processor may then determine an estimate of the information security risk associated with transmitting the data from the second computing system to the first computing system. A risk assessment message including the estimate of the information security risk may be transmitted to the second computing system.
Abstract: A system and methods for authenticating an electronic signature using a biometric fingerprint includes registering a subscriber to the service. The subscriber asks document signers to enter their fingerprint(s) by a fingerprint reader. The fingerprint data is applied to a fingerprint matcher which generates a gallery pair table of fingerprint minutiae for each signer. A secret user ID or operation number is generated. A sharing module splits the fingerprint information into N shares and generates a threshold number S. The secret is applied to the sharing module and N shares of the secret are generated. The N shares of fingerprint data are each combined with one share of the secret to form N combined shares. The N combined shares are each stored in different cloud storage locations. Retrieval of the secret to authenticate the signers requires S signers to enter their fingerprints and S combined shares to be downloaded from the clouds.
Abstract: An intelligent transportation system, ITS, station (600) comprising: a host processor (640); and a memory (664) operably coupled to the host processor (640). The host processor (640) is configured to: perform precomputation of certificate data associated with an identity to be verified on a per identity basis; store precomputation data for a plurality of verified identities in the memory (664); and extract stored precomputation data from memory (664) and use the stored precomputation data to perform accelerated verification of subordinate certificates.
Type: Grant
Filed: March 6, 2018
Date of Patent: June 29, 2021
Assignee: NXP B.V.
Inventors: Tomasz Szuprycinski, Artur Tadeusz Burchard
Abstract: A method for accessing a resource utilizing a reusable access token. The method includes one or more computer processors generating an initial token, wherein the initial token is associated with a remotely stored backup copy of the initial token. The method further includes transmitting the initial token to a client device. The method further includes receiving a modified token from the client device. The method further includes responding to receiving the modified token by determining that the received modified token is valid. The method further includes responding to determining that the received modified token is valid by granting access to a protected resource.
Type: Grant
Filed: September 27, 2019
Date of Patent: June 29, 2021
Assignee: International Business Machines Corporation
Inventors: Amit Mane, Shinoj Zacharias, Vivin Krishnan
Abstract: An image forming apparatus includes: a biometric information reading section which acquires biometric information of a printing executor; a biometric information sending section which sends the biometric information acquired by the biometric information reading section to an authentication server; a confidential printing section which starts image formation of a confidential document when the printing executor has been authenticated by the authentication server; storage which stores therein the biometric information acquired by the biometric information reading section as comparison biometric information; and an authentication section which performs presence confirmation of the printing executor by acquiring biometric information through the biometric information reading section and comparing the biometric information to the comparison biometric information during the image formation of the confidential document.
Abstract: Methods, systems, and apparatus for EM communications. One of the methods includes determining, at a first device, that a second device is present; initiating a half duplex communication with the second device; configuring communication with the second device including determining whether full duplex communication is available; in response to a determination that full duplex communication is not available, communicating with the second device in half duplex mode; and in response to a determination that full duplex communication is available, communicating with the second device in full duplex mode.
Abstract: A system and methods for authenticating an electronic signature using a biometric fingerprint includes registering a subscriber to the service. The subscriber asks document signers to enter their fingerprint(s) by a fingerprint reader. The fingerprint data is applied to a fingerprint matcher which generates a gallery pair table of fingerprint minutiae for each signer. A secret user ID or operation number is generated. A sharing module splits the fingerprint information into N shares and generates a threshold number S. The secret is applied to the sharing module and N shares of the secret are generated. The N shares of fingerprint data are each combined with one share of the secret to form N combined shares. The N combined shares are each stored in different cloud storage locations. Retrieval of the secret to authenticate the signers requires S signers to enter their fingerprints and S combined shares to be downloaded from the clouds.
Abstract: A first component determines encrypted data representing an event and encrypted threshold data corresponding to an outlier of the event. The first system may process the data using, for example, one or more composite integers, and may send the result to a second system. This second system may subtract the data to determine if the encrypted data is greater than, less than, or equal to the encrypted threshold. If so, the second system may determine that the encrypted data corresponds to an outlier of the data. The second system may send an indication of this determination to a third system.
Type: Grant
Filed: January 22, 2021
Date of Patent: June 15, 2021
Assignee: Via Science, Inc.
Inventors: Kai Chung Cheung, Jeremy Taylor, Mathew Rogers, Colin Gounden
Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing blockchain data. One method includes receiving a request from an application component of a blockchain node to execute one or more software instructions in a trusted execution environment (TEE); determining one or more blockchain node blocks for executing the one or more software instructions; performing error correction coding of the one or more blocks in the TEE to generate one or more encoded blocks; dividing each of the one or more encoded blocks into a plurality of datasets; selecting one or more datasets from each of the one or more encoded blocks; and hashing the one or more datasets to generate one or more hash values corresponding to the one or more datasets for use in replacing the one or more datasets to save storage space of the blockchain node.
Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing cryptographic operations subject to identity verification. One of the methods includes receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client including client identity information, wherein the cryptography chip includes a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations, and identity information associated with clients that are permitted to request cryptographic operations; determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations; and performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.
Abstract: A system is configured to receive a network resource request from a user device configured with a browsing application, wherein the request includes identification data associated with the user device. The system transmits, to a network resource provider, a request for the network resource, wherein the request transmitted to the network resource provider excludes identification data included in the request received from the user device. The system receives from the network resource provider a response, including a document comprising a field configured to receive payment information for an item purchase. The system receives from the browsing application an indication that an anonymous payment instrument, associated with a first entity different than the user, is to be used to purchase a first item at a first price. The system causes information regarding the anonymous payment instrument to be provided to the network resource provider.
Type: Grant
Filed: October 29, 2018
Date of Patent: May 25, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Leon Robert Warman, Kurt Kufeld, Peter Sven Vosshall, Kyle Bradley Peterson, Peter Frank Hill, Chelsea Celest Krueger, Arun Sundaram
Abstract: Various aspects of the subject technology relate to systems and methods for providing secure end-to-end data encryption between devices. In one aspect, a method includes encrypting data for a sending device using an encryption key. The encryption key is not stored on a server. The method includes decrypting the encrypted data transmitted from the sending device to a receiving device using a decryption key. The decryption key is also not stored on a server.
Type: Grant
Filed: October 16, 2017
Date of Patent: May 11, 2021
Assignee: Fuze, Inc.
Inventors: Keith Johnson, Julio Viera, Joao Santos
Abstract: An enterprise security system is improved by managing network flows based on an application type. When a network message having an unknown application type is received at a gateway, firewall, or other network device/service from an endpoint, the endpoint that originated the network message may be queried for identifying information for the source of the network message and the application type may be determined, or the endpoint may periodically communicate application type information to the network device in a heartbeat or other periodic communication or the like. The network message may be managed along with other network traffic according to the application type.
Abstract: A system may include a communication device that may enable a user to complete a digital form via a first communication session. The system may include a processor that may determine that the user has not completed the digital form, determine one or more issues associated with the user not completing the digital form based on a progress point associated with the digital form, determine a communication channel to use to follow up with the user regarding the digital form based on a data profile associated with the user, the one or more issues, or both, and establish a second communication session with the user via the communication channel to present the digital form at the progress point, such that the user can continue to complete the digital form using the second communication session.
Type: Grant
Filed: July 26, 2019
Date of Patent: April 27, 2021
Assignee: United Services Automobile Association (USAA)
Inventors: David Patrick Dixon, Kevin Kenneth Fiedler
Abstract: Methods and systems are provided for managing access to a client account related (CAR) resource. When a privilege-constrained (PC) application requests access to an individual client account, a single use authorization (SUA) code is created that is associated with the individual client account. The SUA code is routed to, and returned from, the privilege-constrained (PC) application to authenticate the PC application. The PC application, once authenticated, receives a permitted action token that identifies a limited set of privileges that the PC application is authorized to perform in connection with the CAR resource. The PC application provides the permitted action token to an access service. The access service limits access, by the PC application, to the CAR resource based on the permitted action token.
Type: Grant
Filed: October 25, 2017
Date of Patent: April 27, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Jesper Mikael Johansson, Jon Arron McClintock
Abstract: Various embodiments disclosed help to implement integrity verification of sensors and signaling lines of the sensors. According to various embodiments, this is achieved by performing an analysis of a noise signal on the signaling line and transmitting check data indicative of a result of the analysis.
Type: Grant
Filed: January 17, 2019
Date of Patent: April 20, 2021
Inventors: Hans Aschauer, Christian Peter Feist, Axel Pfau, Daniel Schneider, Rainer Falk
Abstract: A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.
Type: Grant
Filed: August 13, 2018
Date of Patent: April 13, 2021
Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam
Abstract: This application relates to the field of digital watermark technologies and discloses a digital watermark embedding method and extraction method, a digital watermark embedding apparatus and extraction apparatus, and a digital watermark system. The method includes obtaining a digital watermark of a composite file, splitting the digital watermark into N sub-watermarks according to a carrier quantity N of the composite file, each sub-watermark corresponding to partial content of the digital watermark, embedding an ith sub-watermark in an ith carrier of the composite file, to obtain an ith target carrier, and integrating N target carriers into a target file. This application resolves a problem in the related technology that a digital watermark technology cannot ensure integrity of an order file, and protects carriers of a composite file, thereby ensuring security and integrity of the composite file.
Type: Grant
Filed: April 8, 2019
Date of Patent: April 13, 2021
Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
Inventors: He Wang Zhong, Liang Sun, Zheng Bin Qu, Da Yi Huang, You Shan Yang
Abstract: Provided is a pre-calculation device capable of keeping a secret against malicious behaviors of participants while keeping a processing load small. A Beaver triple generation processor generates a secret-shared Beaver triple formed of two secret-shared random numbers and a secret-shared value of a product of the two random numbers. A Beaver triple random inspection processor randomly selects a secret-shared Beaver triple, restores the Beaver triple through communication to and from other pre-calculation devices, and confirms that a product of first two elements is equal to a third element. The Beaver triple position stirring processor randomly replaces Beaver triples that have not been restored, to generate replaced secret-shared Beaver triples.
Abstract: An example operation may include one or more of connecting, by an identity server, to a blockchain configured to store an identity trait of a user, retrieving, by an identity server, the identity trait from the blockchain, establishing, by the identity server, a trust group homomorphism digital signature algorithm (DSA) for the user associated with the identity trait based on a public key PK1, creating, by the identity server, a zero-knowledge proof function with a public key PK2 based on a DSA member of the trust group homomorphism for witness data, providing, by the identity server, the witness data to a challenger for the zero-knowledge proof function, and receiving, by the identity server, a validation of the user as a proved user based on execution of the zero-knowledge proof function based on the witness data.
Type: Grant
Filed: August 29, 2018
Date of Patent: April 6, 2021
Assignee: International Business Machines Corporation
Inventors: Richard Redpath, Daniel A. Gisolfi, Bryce A. Curtis, Aaron K. Reed
Abstract: A system described herein may allow for the masking of user input and/or sensor data, which could otherwise be used to uniquely identify and track a user. For example, user inputs (e.g., keyboard or mouse inputs) and/or sensor data (e.g., data from a touchscreen, pressure sensor, gyroscope, etc.) may be normalized and randomized. The normalization and/or randomization may include modifying metadata associated with user inputs or sensor data (e.g., modification of timestamps and/or modification of raw data) prior to outputting the user inputs or sensor data to an application, and/or to a service that attempts to uniquely identify users based on such metadata.
Abstract: Systems and methods that may be implemented to use encryption to isolate SMI functions, libraries and data from each other, such as during operation of systems management mode (SMM). Isolation of SMI function, library and data (and limitation of SMI function/library privileges) may be achieved in SMI at runtime by decrypting only that code and data needed for performing the required action/s in response to a SMI received from a calling process by a host processor (e.g., CPU).
Type: Grant
Filed: November 6, 2018
Date of Patent: March 23, 2021
Assignee: Dell Products L.P.
Inventors: Girish S. Dhoble, Ricardo L. Martinez, Nicholas D. Grobelny, Abeye Teshome
Abstract: A method and system for providing selective protection of data exchanged between user equipment (UE) and a network is disclosed. The selective protection is applied to a packet, a bearer or an access point name for secure exchange of data between the UE and the network. The network decides to apply selective protection based on the configuration of the network, the configuration of the UE, the load in the network, the battery power availability of the UE, and the type of application running on the UE. Further, the UE can request selective protection based on the type of application running on the UE and the battery level availability of the UE. The selective protection is either enabled or disabled dynamically by the network. Further, various mechanisms for applying selective protection for each bearer, each packet and each Access Point Name (APN) are disclosed. Additionally, a method for identifying a secured and a non-secured bearer is also disclosed.