Abstract: This invention enables asynchronous encrypted communication under a protection of a simple password which must be communicated out-of-band. The password is easily communicable in-person, by telephone or by a text message. The invention assumes that one of the parties has an online device, such as a smartphone. After the encrypted session has been established, it can be used for a variety of cryptographic applications, such as encrypting or decrypting messages, sharing of cryptographic keys, and verifying data. The invention also has the secondary benefit of authenticating both parties to each other.

Abstract: A device is arranged for encrypting input data and protecting integrity of the input data and associated data. An encryption processor has a first hash unit arranged to compute an integrity value based on the input data, a second hash unit arranged to compute an initialization vector based on the integrity value and associated data, producing an initialization vector that is different from the integrity value. At least one of the hash units may be a keyed hash unit. An encryption unit is arranged for encrypting the input data to generate encrypted data using the initialization vector and an encryption key. As the initialization vector depends on both the integrity value and the associated data, any change therein will result in failure of the decryption and decrypted data that are substantially different from the original input data.

Abstract: Current Wireless transmission volume is such that techniques to compress transmitted data is the object of ongoing technical enhancements. The Invention consists of methods of using rapid changes in signal voltage to convey additional data which may be used for Data Compression, Encryption, and other purposes. They include varying amounts of change referred to as Encode Amplitude (EA) and Baseline Modulation (BM) using a change down to baseline voltage.

Abstract: This invention enables asynchronous encrypted communication under a protection of a simple password which must be communicated out-of-band. The password is easily communicable in-person, by telephone or by a text message. The invention assumes that one of the parties has an online device, such as a smartphone. After the encrypted session has been established, it can be used for a variety of cryptographic applications, such as encrypting or decrypting messages, sharing of cryptographic keys, and verifying data. The invention also has the secondary benefit of authenticating both parties to each other.

Abstract: This invention enables asynchronous encrypted communication under a protection of a simple password which must be communicated out-of-band. The password is easily communicable in-person, by telephone or by a text message. The invention assumes that one of the parties has an online device, such as a smartphone. After the encrypted session has been established, it can be used for a variety of cryptographic applications, such as encrypting or decrypting messages, sharing of cryptographic keys, and verifying data. The invention also has the secondary benefit of authenticating both parties to each other.

Abstract: A system, computer implemented method, and computer storage medium encoded with a computer program, for identifying newly trending topics in a data stream. An example method includes: receiving text documents forming part of a data stream from one or more servers; identifying terms within the received text documents; deriving from the identified terms, a set of terms identified as abnormal by virtue of having a relatively high frequency of occurrence within the text documents received in a recent period compared with that expected from their historic occurrence; creating a first set of one or more clusters, each cluster including a group of terms from the set of terms identified as abnormal which through their degree of co-occurrence in the received text documents are considered to relate to the same topic; and comparing clusters of a further set with the clusters of the first set to determine whether a cluster of the further set pertains to the same topic.

Abstract: The present disclosure relates to the field of identity generation and verification systems and discloses a system and a method for generation and verification of identity of a subject associated with an organization. The system comprises an identity generation tool, an identity verification tool, and a validating server. The identity generation tool is installed in a first electronic device associated with the subject and is configured to generate an ephemeral identity instance for the subject based on its association record, a digital signature of the association record, and a one-time token. The identity verification tool is installed in a second electronic device associated with the verifier and is configured to receive the identity instance and verify the association record of subject using the digital signature. The validating server is configured to verify the validity status of the association record.

Abstract: An information security system that incorporates time, feedback, and/or varying trust in analyzing and responding to attacks. A solution can defer processing of a request for a period of time, which can be sufficient to allow the request to be approved or disproved. The solution can be configured to automatically approve or disprove the request after the period of time if no affirmative response is received. Trust for an entity can be periodically determined and can automatically decay over time. Feedback can be used as part of the approval/disproval process and/or to reevaluate trust.

Abstract: A communication method and a communications apparatus are provided. The method includes: sending, by a network device, indication information to a terminal, where the indication information is used to indicate at least one second BP associated with a first BP; and performing signal transmission, by the network device, with the terminal on the first BP and the at least one second BP. It may be learned that the network device indicates, to the terminal by using the indication information, the at least one second BP associated with the first BP, so that the network device and the terminal can transmit signals on BPs that are associated with each other. In addition, there may be a plurality of second BPs associated with the first BP.

Abstract: The present invention relates to a method for generating a prime number and using it in a cryptographic application, comprising the steps of: a) determining at least one binary base B with a small size b=log2(B) bits and for each determined base B at least one small prime pi such that B mod pi=1, with i an integer, b) selecting a prime candidate YP, c) decomposing the selected prime candidate YP in a base B selected among said determined binary bases : YP=?yjBid) computing a residue yPB from the candidate YP for said selected base such that yPB=?yje) testing if said computed residue yPB is divisible by one small prime pi selected among said determined small primes for said selected base B, f) while said computed residue yPB is not divisible by said selected small prime, iteratively repeating above step e) until tests performed at step e) prove that said computed residue yPB is not divisible by any of said determined small primes for said selected base B, g) when said computed residue yPB is not divisible by a

Abstract: A communication method and a communications apparatus are provided. The method includes: sending, by a network device, indication information to a terminal, where the indication information is used to indicate at least one second BP associated with a first BP; and performing signal transmission, by the network device, with the terminal on the first BP and the at least one second BP. It may be learned that the network device indicates, to the terminal by using the indication information, the at least one second BP associated with the first BP, so that the network device and the terminal can transmit signals on BPs that are associated with each other. In addition, there may be a plurality of second BPs associated with the first BP.

Abstract: A technique for testing wireless-local-area-network (WLAN) infrastructure is described. In particular, a radio-frequency abstraction layer (RFAL) in a physical instance of an electronic device is used to simulate the physical layer communication hardware and radio channels. RFAL allows frames in initial packets that are compatible with a WLAN communication protocol (such as an IEEE 802.11 standard) to be encapsulated in the data-link layer into additional packets that are compatible with a network communication protocol (such as an IEEE 802.3 standard). These additional packets can include information that characterizes transmission of the packet through a simulated radio-frequency environment so that the software stack associated with a physical or virtual instance of an electronic device can be exercised as if the packet had been received over a wireless connection. Then, the additional packets can be communicated via Ethernet (i.e.

Abstract: A method for end-to-end transmission of a piece of encrypted digital information includes the following steps: selection, on the computer equipment of the transmitter, of a piece of digital information and a digital identifier of the recipient; temporary encryption of the piece of digital information by execution of a local encryption application on the computer equipment with the private key of the sender; decryption of the piece of information on the equipment of the sender and encryption of the piece of information with the public key of the recipient; transmission to the recipient, by the computer equipment, from the sender, of the piece of digital information encrypted with the public key of the sender, optionally by the intermediary of the transactional platform; and decryption by the computer equipment of the recipient of the piece of information with the public key of the sender.

Abstract: Methods for a server include defining a starting element and an element step size. A pad mapping is applied to a data Random Cipher Pad (RCP) to obtain a Key RCP using each element of the data RCP once in a predetermined non-sequential order. The starting element and the element step size are combined with the data RCP. The data RCP is encrypted using the Key RCP to produce a subsequent data RCP. The subsequent data RCP is transmitted to another computer. Methods for clients include applying a pad mapping to a data RCP to obtain a Key RCP using each element of the data RCP once in a predetermined non-sequential order to develop the Key RCP. The Key RCP is encrypted using the data RCP to produce a subsequent Key RCP. A data structure is encrypted using the data RCP to produce an encrypted data structure.

Abstract: In one aspect, a movable barrier operator enhancement device is provided that includes communication circuitry configured to transmit a radio frequency control signal to a movable barrier operator and a memory configured to store a first transmitter identification (ID) and a changing code for the radio frequency control signal. The device includes a processor configured to change the first transmitter ID to a second transmitter ID in response to a determination of a transmitter ID change event. The communication circuitry is configured to receive a state change request for the movable barrier operator from a remote computing device. The processor is configured to cause the communication circuitry to transmit a radio frequency control signal including the second transmitter ID to the movable barrier operator in response to the communication circuitry receiving the state change request.

Abstract: The present disclosure relates to a method for providing a payment agency service and a server using same, and a method for registering an authentication certificate, a method for providing a payment agency service, a card company server, and a payment agency server. The method comprises steps of a payment agency server: (a) delivering identity authentication information and a first push token ID delivered from a user terminal to a card company server; (b) delivering a successful authentication result to the user terminal to support generating and saving a public key and a private key of the user; and (c) managing the first push token ID or a second push token ID as an integrated push token ID when the first push token ID and the second push token ID match, and saving registration information including the integrated push token ID and the public key.

Abstract: Techniques for using padding in format preserving encryption are provided. In one aspect, it may be determined if padding of a plaintext undergoing format preserving encryption is needed. A pseudo random padding length may be calculated when it is determined that padding is needed. The calculated length of padding may be added to the plaintext when it is determined that padding is needed. The plaintext and added padding may be encrypted using format preserving encryption to create a cipher text.

Abstract: Some methods may involve receiving, at a first node of the health network, encrypted sensor data from one or more sensors. The first node may be in a data communication path between the one or more sensors and other nodes of the health network. The method may involve decrypting, by the first node of the health network, only a portion of the encrypted sensor data, and transmitting the encrypted sensor data from the first node of the health network to a second node of the health network. The first node may be a gateway device. In some examples, the second node may be able to decrypt more of the encrypted sensor data than the first node.

Abstract: A memory device includes a memory core that stores data, an access controlling unit that controls an access to the memory core, and a random number generating unit that generates a random number based on an unstable factor related to an access operation to the memory core performed by the access controlling unit.

Abstract: The present disclosure is directed to methods that provide a secure communication protocol by utilizing one step process of authenticating and encrypting data without having to exchange symmetric keys or needing to renew or re-issue digital identities fundamental to asymmetric encryption methodology.

Abstract: A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.

Abstract: In one embodiment, a method by a stage device includes receiving from a client device a first randomized client address to be used during a pairing session; sending to the client device a first randomized stage address to be used during the pairing session; communicating with the client device using the first randomized client address and the first randomized stage address to establish at least one common randomization parameter; periodically generating, based on the at least one common randomization parameter, a second randomized client address and a second randomized stage address; and communicating with the client device in a paired communication session using the second randomized client address and the second randomized stage address.

Abstract: A plaintext and cryptographic key are used to generate an initialization vector to be used in a cryptographic algorithm, such as an encryption algorithm. In some examples, the plaintext and cryptographic key are input into an effectively one-way function, such as a cryptographic hash function, the output of which is usable as an initialization vector. Cryptographic keys may be rotated probabilistically based at least in part on probabilities of output collisions of the effectively one-way function to ensure a low probability of two different plaintexts resulting in calculation of the same initialization vector for use with the same cryptographic key.

Abstract: Various embodiments of the present technology may comprise methods and apparatus for a password-protected integrated circuit. According to various aspects of the present invention, the password-protected integrated circuit may comprise a cryptosystem that is encoded with a password seed and used to authenticate control data prior to being transmitted to a sensor and/or a sensor control circuit, wherein the sensor and/or sensor control circuit responds to authenticated control data.

Abstract: A communication apparatus includes a storage device to store information indicating connection records of one or a plurality of terminals, and a processor. The processor performs a process including selecting one of a plurality of methods of exchanging a cipher key for communication with a target terminal that is to be connected to the communication apparatus, according to a combination of an input and output capability of the communication apparatus and an input and output capability of the target terminal, and outputting the input and output capability of the communication apparatus that causes the combination to select a method that exchanges the cipher key with the target terminal when the information indicating the connection records of the target terminal is stored in the storage device.

Abstract: A computer-implemented method includes: receiving, by a computing device, a text report request from a user device associated with a user; obtaining a behavior history and personal information of the user; inputting the behavior history and the personal information of the user into a model, to obtain a plurality of personalized evaluation results, each personalized evaluation result corresponding to a respective text report category of a plurality of text report categories, in which each personalized evaluation result indicates a predicted relevance of the corresponding text report category to a problem faced by the user, and in which the model includes a classification model trained using one or more supervised learning techniques on a plurality of user behavior history samples and a plurality of personal information samples; and determining an order in which the plurality of text report categories are to be presented to the user.

Abstract: In the present invention, by providing an apparatus for securing data comprising a memory for storing information for data processing, a processor configured to partition original data into a plurality of partial data and generate a plurality of divided data by randomly determining positions of each of the plurality of partial data within the original data, and a communication interface configured to transmit each of the plurality of divided data to each of a plurality of servers, respectively, if an attacker obtains a portion of the divided data, it prevents the entire original data from being restored, and the legitimate user can restore the original data accurately even if some divided data is corrupted, and provides an efficient data polymorphic dividing technique that can minimize the amount of calculation required to secure data.

Abstract: Systems and methods for creating fingerprints for devices are described herein. In various embodiments, the system includes a device management system operatively coupled to a merchant system. According to particular embodiments, the device management system: 1) receives a first payload correspond to a device from the merchant system, the first payload including data in a particular format; 2) creates a fingerprint for the device by parsing the first payload and creating a record of a section format for each of one or more distinct sections of the particular format; and 3) comparing a format of each subsequent payload that corresponds to the device to the fingerprint for the device to determine whether the device has been compromised.

Abstract: The present disclosure relates to technologies for sensor networks, machine to machine (M2M) communication, machine type communication (MTC), and Internet of Things (IoT). The present disclosure may be utilized for intelligent services based on the above technologies (smart homes, smart buildings, smart cities, smart or connected cars, health care, digital education, retail businesses, security and safety-related services). The present invention relates to a method and apparatus that, when a user equipment notifies its identification information using an unsecured connection, enable the user equipment to notify the identification information in a secure manner using a one-time password (OTP) algorithm and proximity authentication and to receive services customized to user needs.

Abstract: A processing module for a first lock device of a range determination system, the range determination system comprising a lock group comprising a plurality of lock devices of which the first lock device forms part, the plurality of lock devices physically spaced over a lockable element and configured to communicate with a key group comprising a plurality of key devices, a shortest distance between any one of the key devices of the key group and any one of the lock devices of the lock group providing for access to the lockable element relative to a threshold distance.

Abstract: A motion recognition apparatus and a control method thereof, capable of controlling and operating a controlled device by determining a gesture variation of a user to replace conventional finger touch for a user interface. The motion recognition apparatus includes a first device, a second device and a controlled device wirelessly connected to the first device and the second device. The first device detects a gesture variation of a user. The second device calculates the number of gesture variations and outputs a corresponding control signal. The second device includes a motion recognition unit and a fast communication unit, enabling the controlled device to receive the control signal and operate according to the gesture variation of the user. Accordingly, the user interface becomes more user-friendly and makes the controlled device more controllable and the Internet of Things (IoT) more applicable.

Abstract: The disclosure relates to a method (20) for a serving device (3) of establishing a computational puzzle for use in communication between a client device (2) and the serving device (3). The method (20) comprises establishing (21), in the serving device (3), the computational puzzle (p) based on a key shared by the client device (2) and the serving device (3) and on a solution (s?, s?) to the computational puzzle (p). Further method (30) in a serving device is provided, methods (60, 70) for client devices (2), serving devices (3), client devices (2), computer programs and computer program products.

Abstract: Embodiments of the present invention are drawn to systems and methods for securing information using cryptographically keyed units. Specifically, in one embodiment of the present invention, a system is provided for securing information that uses two cryptographically keyed units to encrypt information flowing between a fuel pump device and a remote device. Thus, even if the information is intercepted, it could not be used to perpetrate fraud.

Abstract: An apparatus and a corresponding method. The apparatus includes an injection module operable to maintain packet sequence numbers for a group of network devices, receive a first packet and a second packet that is sent from the apparatus after the first packet and destined for a different device in the group than the first packet, and update the packets with different packet sequence numbers. The packet sequence number for the second packet is generated using the packet sequence number for the first packet. The apparatus further includes an encryption module operable to determine an initialization vector for each packet sequence number and apply an encryption algorithm to each packet. Each packet is encrypted using a corresponding initialization vector and an encryption key as inputs to the encryption algorithm.

Abstract: Systems and methods product security include: generating a unique activation code, product identification code, and product scan code for electronic products to be protected and assigning these security codes to their corresponding products; generating an unlock code for each product; embedding the unlock code into the electronic product, and locking the electronic product to be protected to create a locked electronic product; and affixing the unique product scan codes to their corresponding products. At the point of purchase the unique product scan code is scanned to identify the unique activation code for the purchased product. The purchaser receives the activation code assigned to the locked product and enters it. A hash string generated from the activation code is compared to the unlock code to determine whether they are a match.

Abstract: The present disclosure is related to encryption of executables in computational memory. Computational memory can traverse an operating system page table in the computational memory for a page marked as executable. In response to finding a page marked as executable, the computational memory can determine whether the page marked as executable has been encrypted. In response to determining that the page marked as executable is not encrypted, the computational memory can generate a key for the page marked as executable. The computational memory can encrypt the page marked as executable using the key.

Abstract: Examples relate to efficient storage of initialization vectors in a system. One example facilitates determining an initialization vector for use in encrypting a first cache line of a first page of memory, wherein determining the initialization vector comprises concatenating a page-level counter with a first set of hierarchical counters. The first set of hierarchical counters includes a first counter associated with the first cache line; a first group counter associated with a first group of cache lines, the first group of cache lines comprising the first cache line; and a first cluster counter associated with a first cluster of cache line groups, the first cluster comprising the first group of cache lines.

Abstract: Electronic systems are provided for secure actuation of a remote device such as a moveable barrier operator. The systems address the “man in the middle” problem of persons intercepting and duplicating radio frequency signals from a control device by introducing timing parameters into a bidirectional communication sequence between at least two devices.

Abstract: Methods for a server include defining a starting element and an element step size. A pad mapping is applied to a data Random Cipher Pad (RCP) to obtain a Key RCP using each element of the Data RCP once in a predetermined non-sequential order. The starting element and the element step size are combined with the Data RCP. The Data RCP is encrypted using the Key RCP to produce a subsequent Data RCP. The subsequent Data RCP is transmitted to another computer. Methods for clients include applying a pad mapping to a Data RCP to obtain a Key RCP using each element of the Data RCP once in a predetermined non-sequential order to develop the Key RCP. The Key RCP is encrypted using the Data RCP to produce a subsequent Key RCP. A data structure is encrypted using the Data RCP to produce an encrypted data structure.

Abstract: A system and method of wireless display, including a transmitter processing a first encrypted content into a second encrypted content without decoding, and transferring the second encrypted content over a wireless display connection to a receiver.

Abstract: Space-efficient methods of defining a key allocation scheme within a broadcast encryption system are provided. In some embodiments, a descriptor is received. The descriptor includes a plurality of subset definitions and a plurality of pointers. A data segment is resolved from each of the plurality of pointers. The resulting data segments are assembled into a plurality of variant definitions. A media key block is generated from the plurality of subset definitions and the plurality of variant definitions.

Abstract: Techniques for encrypting long-term data using layered encryption based on difficult to obtain secrets are described herein. The set of data to encrypt is designated as the source data for the first iteration. Then, for each iteration, a derived set of data is generated from a set of random data and the source data is combined with the derived set of data to produce a set of encrypted data. The set of encrypted data is then designated as the source data for the next iteration.

Abstract: Equivoe-T complements its erosive cryptographic intractability with durable cryptographic equivocation. The captured ciphertext C generated through plaintext P using key K, may also be generated via a ‘fake plaintext’ P??P using a different key, K??K, presenting the cryptanalyst with a conclusive doubt as to the identity of the true plaintext. Prospectively there will be numerous plausible non-overlapping plaintext candidates, all guarding the identity of the true plaintext.

Abstract: A method for securely receiving a cipher key from a key provider to a key requester is provided. The method includes generating a session key shared between the key requester and the key provider, determining at least one key in accordance with the session key. The method also includes transmitting a request from the key requester to the key provider, and receiving a response from the key provider, where the response comprises an encrypted payload and an authentication tag. The method also includes authenticating the response and decrypting the encrypted payload using the at least one key to obtain the cipher key.

Abstract: A secure channel is generated using a third party to the channel. A first secure channel between two computer systems is established. The first secure channel is used to relay information about a third party. The third party provides security parameters for a second secure channel to enable the two computer systems to communicate over a second secure channel.

Abstract: Techniques are described for performing subscriber aware two-way active measurement protocol (TWAMP) data session provisioning between two endpoints in a computer network. For example, the disclosed techniques include extending TWAMP control messaging to include a communication mode for negotiating subscriber-aware TWAMP data monitoring. If the communication mode is supported by both endpoints, a subscriber identifier is specified when a TWAMP data session is provisioned (negotiated) over the control session. The disclosed techniques further include extending TWAMP data messaging to include the subscriber identifier in each test packet for the data session. In this way, each of the endpoints may identify a subscriber corresponding to one or more received TWAMP test packets based on the subscriber identifier included in the received TWAMP test packets.

Abstract: A system includes a processor configured to wirelessly receive a vehicle system command from a remote source over a first communication channel. The processor is also configured to open a second communication channel with an apparent command-originating source, responsive to receiving the command. The processor is further configured to request, over the second communication channel, verification that the command originated from the apparent command-originating source and execute the command responsive to command-origin verification.

Abstract: A firmware-based technique for using one or more symmetric keys generated from one or more user credentials to decrypt user profile information and authenticate the user before allowing access to firmware-provided services is discussed. Exemplary credential types include user passwords, smart card data, fingerprint sensor data and retinal scan data. The credentials may be verified in a resource-constrained pre-operating system (OS) environment, upon control of the computing device being returned to the firmware by the OS, and/or may enable recovery scenarios executed by the firmware, such as in the case where a password is lost.

Abstract: A method and apparatus for providing access to an encrypted communication between a sending node and a receiving node to a Law Enforcement Agency (LEA). A Key Management Server (KMS) function stores cryptographic information used to encrypt the communication at a database. The cryptographic information is associated with an identifier used to identify the encrypted communication between the sending node and the receiving node. The KMS receives a request for Lawful Interception, the request including an identity of a Lawful Interception target. The KMS uses the target identity to determine the identifier, and retrieves the cryptographic information associated with the identifier from the database. The cryptographic information can be used to decrypt the encrypted communication. The KMS then sends either information derived from the cryptographic information or a decrypted communication towards the LEA. This allows the LEA to obtain a decrypted version of the communication.

Abstract: A software and hardware infrastructure is provided that can generate traceable and verifiably random number sequences provided from multiple random number sources, including quantum entropy sources, potentially located at multiple points of origin, and distribute the verifiable number sequences across multiple channels and protocols to multiple ultimate destinations in a distributed computing environment. Random number sequences obtained from unique entropy sources can be tagged with information on the provenance and/or other details of the creation of each number sequence. Tags can be used to verify the reliability of each tagged number sequence and/or its associated source. Tags can also include a use indicator to avoid reuse of a tagged number sequence.