Key Distribution Patents (Class 380/278)
-
Patent number: 11825301
Abstract: Methods, systems, and devices for wireless communications are described. A user equipment (UE) and a serving base station may locally store secret information (e.g., side information, such as a secret key, a public key, etc.) that is used to protect physical (PHY) layer channel or signal transmissions. The UE and the serving base station may determine a next value of a pseudo random sequence that is a function of a current value of the pseudo random sequence and the secret information and may use the next value to determine a time-varying parameter. The UE and the serving base station may use this time-varying parameter to determine which tones, which symbols periods, or which sequence, is being used for a subsequent communication of a PHY layer channel or signal.
Type: Grant
Filed: November 13, 2020
Date of Patent: November 21, 2023
Assignee: QUALCOMM Incorporated
Inventors: Ravi Agarwal, Naga Bhushan, Gavin Bernard Horn
-
Patent number: 11818260
Abstract: Systems and methods that may be used to provide policies and protocols for blocking decryption capabilities in symmetric key encryption using a unique protocol in which key derivation may include injecting a random string into each key derivation. For example, a policy may be assigned to each client device indicating whether the client device has been assigned encryption only permission or full access permission to both encrypt and decrypt data. The disclosed protocol prevents client devices with encryption only permission from obtaining keys for decryption.
Type: Grant
Filed: December 15, 2022
Date of Patent: November 14, 2023
Assignee: INTUIT INC.
Inventors: Margarita Vald, Julia Zarubinsky, Yaron Sheffer, Sergey Banshats
-
Patent number: 11818256
Abstract: Providing cascading quantum encryption services is disclosed. In one example, a first quantum computing device provides a plurality of encryption services that include one or more quantum encryption services and one or more classical encryption services. To encrypt a payload for transmission, the first quantum computing device selects a first encryption service from among the plurality of encryption services. The first quantum computing device then detects that the first encryption service is compromised. In response to detecting that the first encryption service is compromised, the first quantum computing device selects a second encryption service from among the plurality of encryption services, and encrypts the payload using the second encryption service. By automatically “cascading” from the first encryption service to the second encryption service in this manner, the first quantum computing device may ensure the secure communication of the payload to the second quantum computing device.
Type: Grant
Filed: March 2, 2020
Date of Patent: November 14, 2023
Assignee: Red Hat, Inc.
Inventors: Stephen Coady, Leigh Griffin
-
Patent number: 11818195
Abstract: The disclosure details the implementation of an apparatus, method, and system comprising a portable device configured to communicate with a terminal and a network server, and execute stored program code in response to user interaction with an interactive user interface. The portable device contains stored program code configured to render an interactive user interface on a terminal output component to enable the user to control processing activity on the portable device and access data and programs from the portable device and a network server.
Type: Grant
Filed: June 30, 2023
Date of Patent: November 14, 2023
Assignee: IOENGINE, LLC
Inventor: Scott McNulty
-
Patent number: 11818194
Abstract: The disclosure details the implementation of an apparatus, method, and system comprising a portable device configured to communicate with a terminal and a network server, and execute stored program code in response to user interaction with an interactive user interface. The portable device contains stored program code configured to render an interactive user interface on a terminal output component to enable the user to control processing activity on the portable device and access data and programs from the portable device and a network server.
Type: Grant
Filed: April 14, 2023
Date of Patent: November 14, 2023
Assignee: IOENGINE, LLC
Inventor: Scott McNulty
-
Patent number: 11812518
Abstract: The systems and methods relate to virtual radio access networks (vRANs). The systems and methods may offload a signal processing task of a physical layer from a vRAN server located at the far edge of a network nearby a base station to a remote location further away from the base station. The remote location may include higher level edge deployments of servers or a cloud deployment of servers. The system and methods may scale the vRAN server capacity by offloading the signal processing task to the remote location without compromising quality of service requirements or latency requirements of the user equipment or the applications.
Type: Grant
Filed: November 17, 2020
Date of Patent: November 7, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Xenofon Foukas, Jincao Zhu, Bozidar Radunovic
-
Patent number: 11809545
Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.
Type: Grant
Filed: July 1, 2022
Date of Patent: November 7, 2023
Assignee: Intel Corporation, Inc.
Inventors: Vincent R. Scarlata, Carlos V. Rozas, Baiju Patel, Barry E. Huntley, Ravi L. Sahita, Hormuzd M. Khosravi
-
Patent number: 11809957
Abstract: Methods, systems and apparatus for implementing a quantum gate on a quantum system comprising a second qubit coupled to a first qubit and a third qubit. In one aspect, a method includes evolving a state of the quantum system for a predetermined time, wherein during evolving: the ground and first excited state of the second qubit are separated by a first energy gap ?; the first and second excited state of the second qubit are separated by a second energy gap equal to a first multiple of ? minus qubit anharmoniticity?; the ground and first excited state of the first qubit and third qubit are separated by a third energy gap equal to ??; and the first and second excited state of the first qubit and third qubit are separated by a fourth energy gap equal to the first multiple of the ? minus a second multiple of .
Type: Grant
Filed: January 31, 2019
Date of Patent: November 7, 2023
Assignee: Google LLC
Inventors: Yuezhen Niu, Vadim Smelyanskiy, Sergio Boixo Castrillo
-
Patent number: 11804957
Abstract: Techniques for exporting remote cryptographic keys are provided. In one technique, a proxy server receives, from a secure enclave of a client device, a request for a cryptographic key. The request includes a key name for the cryptographic key. In response to receiving the request, the proxy server sends the request to a cryptographic device that stores the cryptographic key. The cryptographic device encrypts the cryptographic key based on an encryption key to generate a wrapped key. The proxy server receives the wrapped key from the cryptographic device and sends the wrapped key to the secure enclave of the client device.
Type: Grant
Filed: October 19, 2022
Date of Patent: October 31, 2023
Assignee: Garantir LLC
Inventor: Kieran Miller
-
Patent number: 11805410
Abstract: A method performed by a network server is provided for authentication and key management for a terminal device in a wireless communication network. The method includes authenticating the terminal device during a primary authentication session for the terminal device. The method further includes responsive to a successful authentication of the terminal device, obtaining a first key. The method further includes generating bootstrapping security parameters. The parameters include a second key derived from the first key and a temporary identifier. The temporary identifier identifies the terminal device and the bootstrapping security parameters.
Type: Grant
Filed: January 21, 2020
Date of Patent: October 31, 2023
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Noamen Ben Henda, Helena Vahidi Mazinani, Vesa Lehtovirta
-
Patent number: 11804951
Abstract: The described techniques facilitate the secure transmission of sensor measurement data to an ECU by implementing an authentication procedure. The authentication procedure includes an integrated circuit (IC) generating authentication tags by encrypting portions of sensor measurement data. These authentication tags are then transmitted together with the sensor measurement data as authenticated sensor measurement data. The ECU may then use the authentication tags to authenticate the sensor measurement data based upon a comparison of the portions of the sensor measurement data to the authentication tag that is expected to be generated for those portions of sensor measurement data.
Type: Grant
Filed: July 19, 2021
Date of Patent: October 31, 2023
Assignee: Infineon Technologies AG
Inventors: Friedrich Rasbornig, Hans-Joerg Wagner, Dirk Hammerschmidt, Tobias Werth
-
Patent number: 11799637
Abstract: There may be provided a computer-implemented method. It may be implemented at least in part using a blockchain network such as, for example, the Bitcoin network.
Type: Grant
Filed: October 22, 2021
Date of Patent: October 24, 2023
Assignee: nChain Licensing AG
Inventor: John Fletcher
-
Patent number: 11799643
Abstract: A device participates in a cyclical collaboration system. The device receives a request from a third party. A request value is determined that is associated with the request. A first random number is determined based on the first request value. The first random number is provided to a downstream device. A second random number is received that is generated by an upstream device. A first encrypted request value is determined based on the first request value, the first random number, and the second random number. The first encrypted request value is provided to a multiple party encryption subsystem. Encrypted request values generated by other participants of the cyclical collaboration network are received from the multiple party encryption subsystem. A validation score is determined based on the first encrypted request values and the encrypted request values received from the multiple party encryption subsystem.
Type: Grant
Filed: January 19, 2021
Date of Patent: October 24, 2023
Assignee: Bank of America Corporation
Inventors: Prabakar Rangarajan, Ramesh Alagar
-
Patent number: 11799962
Abstract: Embodiments of the present disclosure relate to a method, an electronic device, and a computer program product for looking up data. This method includes: acquiring, at a first node, a data identifier for data to be looked up, wherein the first node is located in a system having a layered structure, and the data identifier comprises layer information related to a layer in the layered structure. The method further includes: determining a distance between the data identifier and a node identifier for the first node. The method further includes: determining, based on the distance, a second node that can be used to acquire metadata for the data for acquiring the metadata, wherein the distance is related to positions of the first node and the second node in the layered structure. The method further includes: determining, based on the metadata, a third node storing the data for acquiring the data.
Type: Grant
Filed: May 18, 2022
Date of Patent: October 24, 2023
Assignee: Dell Products L.P.
Inventors: Zhenzhen Lin, Si Chen, Anzhou Hou
-
Patent number: 11791994
Abstract: In some implementations, a first network device may communicate, with a second network device, one or more internet key exchange (IKE) messages to exchange a first identifier associated with the first network device and a second identifier associated with the second network device, and to indicate that a post-quantum preshared key (PPK) is to be used as a shared key for an IKE security association (SA) between the first network device and the second network device. The first network device may obtain, from a key management entity (KME), a quantum key based on providing the second identifier to the KME, wherein the PPK is based on the quantum key. The first network device may communicate, with the second network device, one or more IKE authentication messages to exchange a third identifier associated with the quantum key and to confirm that the second network device successfully obtained the PPK.
Type: Grant
Filed: March 31, 2022
Date of Patent: October 17, 2023
Assignee: Juniper Networks, Inc.
Inventors: Ranjan Sinha, Priyabrata Saha, Aswin Surendran
-
Patent number: 11791989
Abstract: Encryption keys may be deployed to a satellite, secured, and accessed from a terrestrial source that verifies entity identifying information, generates an access key that is associated in a key pair with a one-time pad (OTP) key used to encrypt a message, transmits the access key to a satellite on which the key pair and encrypted message are stored, receives the encrypted message and the OTP key from the satellite, and decrypts the encrypted message using the OTP key. The satellite receives the OTP from an extra-terrestrial delivery vehicle, stores the OTP in memory, associates one-to-one the access keys and OTP keys as the key pairs in a key pairs table, receives a request for the encrypted message, the request including the access key paired in a key pair in the key pairs table with the OTP key that was used to encrypt the message, and retrieves, in response to receiving the access key, the OTP key and the encrypted message associated in the data storage with the OTP key paired with the access key.
Type: Grant
Filed: December 13, 2021
Date of Patent: October 17, 2023
Assignee: KNWN Technologies, Inc.
Inventor: Richard L. Kane
-
Patent number: 11784793
Abstract: An encryption box device has a memory and a processor coupled to the memory. A first clipboard runs on the processor and downloads a plaintext stream. An encryption engine runs on the processor and receives the plaintext stream and encrypts the plaintext stream to produce an encrypted stream. A digitizer runs on the processor and digitizes the encrypted stream to produce a digitized encrypted stream. A second clipboard runs on the processor and uploads the digitized encrypted stream. The encryption engine may also decrypt the encrypted stream to produce the plaintext stream and upload the plaintext stream to the first clipboard.
Type: Grant
Filed: July 29, 2016
Date of Patent: October 10, 2023
Assignee: PERMANENT PRIVACY LTD.
Inventor: Pak Kay Yuen
-
Patent number: 11784807
Abstract: According to certain embodiments, a method comprises receiving an encrypted value from a trust anchor. The encrypted value is received by a hardware component, and the encrypted value is associated with a posture assessment in which the trust anchor determines whether the hardware component is authorized to run on a product. The method further comprises obtaining a random value (K) based on decrypting the encrypted value. The decrypting uses a long-term key associated with the hardware component. The method further comprises communicating an encrypted response to the trust anchor. The encrypted response is encrypted using the random value (K). The encrypted response enables the trust anchor to determine whether the hardware component is authorized to run on the product.
Type: Grant
Filed: June 1, 2021
Date of Patent: October 10, 2023
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Chirag Shroff, David McGrew
-
Patent number: 11785460
Abstract: Disclosed are a security authentication method and an apparatus thereof, and an electronic device.
Type: Grant
Filed: February 20, 2021
Date of Patent: October 10, 2023
Assignees: ZHEJIANG GEELY HOLDING GROUP CO., LTD, ZHEJIANG GEELY AUTOMOBILE RESEARCH INSTITUTE (NINGBO) CO., LTD
Inventors: Lanlan Pan, Xiaolei Zhao, Shicen Zheng
-
Patent number: 11778250
Abstract: Methods and apparatuses for improving the delivery of streamed audiovisual content derived from over-the-air digital television signals by reducing streaming start latency are described. In response to detecting a request from a client device to begin a streaming session for a video stream captured by an over-the-air antenna, a streaming device in communication with the client device via a wired or wireless networking connection may transmit a reduced resolution version of the video stream to the client device, establish encryption and decryption keys for a secure connection with the client device while the reduced resolution version of the video stream is transmitted to the client device, communicate a point in time after which an encrypted version of the video stream will be transmitted to the client device, and transmit the encrypted version of the video stream to the client device starting at the point in time.
Type: Grant
Filed: January 19, 2022
Date of Patent: October 3, 2023
Assignee: DISH NETWORK TECHNOLOGIES INDIA PRIVATE LIMITED
Inventors: Vimalraj Ganesan, Rakesh Eluvan, Amit Kumar
-
Patent number: 11777959
Abstract: A computing system determines that a third party system has been exposed to a digital security violation. The computing system identifies a first user account of a user registered with the computing system that has a corresponding account associated with the third party system. The computing system determines that the first user account has stored a first set of user credentials for the corresponding account associated with the third party system at a storage location accessible by the computing system. The computing system launches a series of web browsers configured to access a first website associated with the third party system. The computing system executes, via a first web browser of the series of web browsers, a first automated script specific to the first website associated with the third party system. The computing system performs at least one of a plurality of remedial operations with respect to the corresponding account.
Type: Grant
Filed: February 12, 2021
Date of Patent: October 3, 2023
Assignee: Capital One Services, LLC
Inventors: Mykhaylo Bulgakov, Joshua Edwards, Andrea Montealegre, George Bergeron
-
Patent number: 11770244
Abstract: Systems, apparatuses, methods, and computer program products are disclosed for bit generation. An example method includes determining, by decoding circuitry, a set of optical path lengths to use for measurement. The example method further includes receiving, by the decoding circuitry, a set of time-bin qubits. The example method further includes measuring, by the decoding circuitry and based on the determined set of optical path lengths, the set of time-bin qubits to generate a set of bits.
Type: Grant
Filed: October 5, 2022
Date of Patent: September 26, 2023
Assignee: Wells Fargo Bank, N.A.
Inventor: Masoud Vakili
-
Patent number: 11765172
Abstract: In a network system for wireless communication an enrollee accesses the network via a configurator. The enrollee acquires a data pattern that represents a network public key via an out-of-band channel by a sensor. The enrollee derives a first shared key based on the network public key and the first enrollee private key, and encodes a second enrollee public key using the first shared key, and generates a network access request. The configurator also derives the first shared key, and verifies whether the encoded second enrollee public key was encoded by the first shared key, and, if so, generates security data and cryptographically protects data using a second shared key, and generates a network access message. The enrollee processor also derives the second shared key and verifies whether the data was cryptographically protected and, if so, engages the secure communication based on the second enrollee private key and the security data.
Type: Grant
Filed: June 27, 2022
Date of Patent: September 19, 2023
Assignee: Koninklijke Philips N.V.
Inventor: Johannes Arnoldus Cornelis Bernsen
-
Patent number: 11764951
Abstract: A system includes at least one processor and at least one memory communicatively coupled to the at least one processor. The at least one processor is configured to receive a plurality of doubly-encrypted secret parts that were encrypted using at least a public key belonging to a public/private keypair. The at least one processor is also configured to decrypt each of the plurality of doubly-encrypted secret parts into a corresponding singly-encrypted secret part using a private key belonging to the public/private keypair. The at least one processor is also configured to decrypt each corresponding singly-encrypted secret part into a corresponding secret part. A secret is reconstructed from a quantity of corresponding secret parts that is a subset of a total number of secret parts previously created from the secret.
Type: Grant
Filed: August 16, 2022
Date of Patent: September 19, 2023
Assignee: tZERO IP, LLC
Inventors: Stephen Christensen, Denny Becker, Tron Black, Michael Calcano, Tyler Perkins
-
Patent number: 11764960
Abstract: A provisioning control apparatus is configured for coupling to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The apparatus comprises: a communication interface configured to receive an electronic provisioning token including a provisioning counter indicating a total of transmissions of the program code towards the provisioning equipment server; and a processor configured to retrieve the provisioning counter from the received token. The interface can transmit the program code towards the server; the processor can update a value of the counter for each transmission of the program code towards the server for an updated counter. The processor prohibits transmission of the program code towards the server if the updated counter indicates a total number of transmissions has been reached.
Type: Grant
Filed: April 15, 2021
Date of Patent: September 19, 2023
Assignee: SECURE THINGZ LTD.
Inventors: Stephan Spitz, Haydn Povey, Andrew Frame, Tim Woodruff, Andrew Bott
-
Patent number: 11757620
Abstract: An encryption system for performing encryption and decryption by a multi-input inner product functional encryption having a function hiding property includes a setup unit configured to generate, taking a vector length m and the number of arguments ? of an inner product function as input, a master secret key msk and a public parameter pp by using a setup algorithm of a single-input inner product functional encryption having a predetermined characteristic and having a function hiding property and a key generation algorithm of a common key encryption satisfying a predetermined condition, an encryption unit configured to generate, taking the master secret key msk, the public parameter pp, an index i of the arguments, and a vector x as input, a ciphertext cti corresponding to the index i by using an encryption algorithm of the single-input inner product functional encryption and an encryption algorithm of the common key encryption.
Type: Grant
Filed: November 18, 2019
Date of Patent: September 12, 2023
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventor: Junichi Tomida
-
Patent number: 11755762
Abstract: The disclosed technology provides solutions that enable scalable and secure data retrieval between microservices by using microservice attributes to encrypt container based data stores. A process of the technology can include steps for: instantiating a first microservice and a second microservice in a cloud environment, wherein the first microservice is associated with a first attribute label and the second microservice is associated with a second attribute label, generating a first key based on the first attribute label and a second key based on the second attribute label, associating a first data store with the first microservice, wherein the first data store is encrypted using the first key, and associating a second data store with the second microservice, wherein the second data store is encrypted using the second key. Systems and machine readable media are also provided.
Type: Grant
Filed: April 21, 2021
Date of Patent: September 12, 2023
Assignee: Cisco Technology, Inc.
Inventors: Maik Guenter Seewald, Robert Edgar Barton, Jerome Henry
-
Patent number: 11757903
Abstract: A method, system, and medium used in unauthorized communication detection in an onboard network system having electronic control units connected to a network include: identifying, from information relating to an attack message on the onboard network system, a communication pattern indicating features of the attack message; determining whether a candidate reference message matches the communication pattern; and determining a reference message used as a reference in determining whether or not a message sent out onto the network is an attack message, using results of the determining of whether or not the candidate reference message matches the communication pattern identified in the identifying operation.
Type: Grant
Filed: August 24, 2020
Date of Patent: September 12, 2023
Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
Inventors: Manabu Maeda, Takeshi Kishikawa, Daisuke Kunimune
-
Patent number: 11755746
Abstract: Systems and methods for generating network mappings of self-executing program characteristics. For example, the system may receive a first user request to generate a mapping of a first network, wherein the mapping indicates self-executing program characteristics corresponding to each self-executing program of a first plurality of self-executing programs. In response to the first user request, the system may query the first plurality of self-executing programs to generate the mapping by identifying each self-executing program in the first plurality of self-executing programs, determining respective relationships between each self-executing program in the first plurality of self-executing programs and other self-executing programs in the first plurality of self-executing programs, and determining respective self-executing program characteristics for each self-executing program in the first plurality of self-executing programs. The system may store the mapping.
Type: Grant
Filed: January 10, 2023
Date of Patent: September 12, 2023
Assignee: Citibank, N.A.
Inventor: Jonathan Miles Collin Rosenoer
-
Patent number: 11756029
Abstract: Provided are systems and methods for securely providing an encryption key from a remote resource to a secure element. In one example, the method may include receiving transaction data for settling a payment transaction between a merchant and a cardholder of the computing device, reading a merchant encryption key stored in a secure element of the computing device and received from a remote computing service, dynamically generating, via the secure element, a cryptogram that remotely authenticates the transaction data using the merchant encryption key, and transmitting the dynamically generated cryptogram to a computing system associated with the merchant.
Type: Grant
Filed: August 26, 2019
Date of Patent: September 12, 2023
Assignee: MASTERCARD INTERNATIONAL INCORPORATED
Inventor: Mohamed Abouelenin
-
Patent number: 11748504
Abstract: A performance-optimized secure hierarchical referencing system, for example to implement a cryptographic file system (CFS) in which files or other data are stored in a cryptographic tree structure on an untrusted environment. The system operates by using adaptive cryptographic access control (ACAC) whereby the data on the client (user) side is encrypted using keys. All said keys (with the exception of an entry key) are not stored but are calculated, and a dedicated symmetric key is used for each element in the referencing system (e.g. files, records, comments) to ensure that read/write permissions can be distributed to selected third parties at element level and actively revoked where required (sharing/revocation).
Type: Grant
Filed: July 12, 2018
Date of Patent: September 5, 2023
Assignee: SECLOUS GMBH
Inventor: Kai Rehnelt
-
Patent number: 11748346
Abstract: Multi-tenant hosting of inverted indexes for text searches is implemented. Text search requests are routed to different index nodes that cache inverted indexes for different user accounts. Updates to inverted indexes are routed to index nodes that have acquired a lock on an inverted index. The index nodes have access to a common data store that persistently stores the inverted indexes.
Type: Grant
Filed: September 30, 2021
Date of Patent: September 5, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Yilun Cui, Neil Kulkarni, Sahil Palvia, Yuxiang Guo, Rajesh Babu Srikakollu, Daiying Li, Arend Peter Castelein, Lakshmi Anand
-
Patent number: 11741269
Abstract: In some embodiments, a method can include detecting, at a first circuit, the first circuit being operatively coupled to a memory device having a set of memory portions. The method can include receiving, from the memory device and at the first circuit, a set of encryption key portions after the detecting, each encryption key portion from the encryption key portions being a unique portion of an encryption key. The method can include assembling the encryption key by ordering each encryption key portion from the set of encryption key portions based on (1) a first previously defined list and (2) a second previously defined list. The first previously defined list and the second previously defined list each is stored at or accessible by the first circuit but not stored at or accessible by the memory device. The method can include authorizing access to a second circuit based on the encryption key.
Type: Grant
Filed: March 14, 2022
Date of Patent: August 29, 2023
Assignee: Management Services Group, Inc.
Inventors: Thomas Scott Morgan, Martin Mayer, Steven Yates
-
Patent number: 11741461
Abstract: A method for implementing non-repudiation of payment in a payment managing server is provided. The method includes receiving, from a user terminal, a terminal public key of a pair of asymmetric keys generated by the user terminal, receiving user authentication information, the user authentication information having been generated by a user authentication server and transmitted to the user terminal, storing the received terminal public key when validity of the user authentication information is confirmed through a communication with the user authentication server, receiving a payment request from the user terminal, receiving, from the user terminal, electronic signature information that has been encrypted with a terminal private key of the pair of asymmetric keys and decrypting the electronic signature information using the stored terminal public key.
Type: Grant
Filed: November 11, 2015
Date of Patent: August 29, 2023
Assignee: LG CNS CO., LTD.
Inventor: Taehoon Ahn
-
Patent number: 11741192
Abstract: An autonomous agent operating method, system, and computer program product, including configuring an autonomous agent for a task, launching the autonomous agent with an initial update interval, the update interval determining a frequency of the autonomous agent reporting results to a human user for review, measuring the trust level of human user in a performance of the autonomous agent, and dynamically adjusting the update interval based on this measured trust.
Type: Grant
Filed: January 29, 2020
Date of Patent: August 29, 2023
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John Thomas Richards, David John Pirokowski, Stephanie Houde, Yunfeng Zhang, Qingzi Liao, Rachel Katherine Emma Ballamy
-
Patent number: 11743039
Abstract: A computerized system and method for symmetric encryption and decryption using two machines, the method including obtaining a message and an initialization vector on a first machine, sending the initialization vector to a second machine, where said second machine stores an encryption key for a Key Derivation Function (KDF), generating a derived key on the second machine by applying the KDF receiving as input both the encryption key and the initialization vector, sending the derived key from the second machine to the first machine, and encrypting the message using the derived key on the first machine.
Type: Grant
Filed: April 20, 2021
Date of Patent: August 29, 2023
Assignee: Coinbase IL RD Ltd.
Inventors: Guy Pe'Er, Nir Steinherz
-
Patent number: 11743032
Abstract: Described herein are methods, systems, and computer-readable storage media for participating in a validation process with the host computing device. Techniques include receiving, from the host computing device, a second key that is part of a cryptographic key pair comprising a first key and the second key. Techniques further include, encrypting, using the second key and as part of the validation process, data at the peripheral device and sending the encrypted data to the host computing device. Further, the host computing device validates an identity of the peripheral device based on a decryption, using the first key, of the encrypted data.
Type: Grant
Filed: January 25, 2022
Date of Patent: August 29, 2023
Assignee: CyberArk Software Ltd.
Inventors: Omer Tsarfati, Asaf Hecht
-
Patent number: 11743301
Abstract: A computer method and system for mitigating Domain Name System (DNS) misuse using a probabilistic data structure, such as a cuckoo filter. Intercepted is network traffic flowing from one or more external hosts to a computer network, the intercepted network traffic including a DNS request that requests a Resource Record name in a DNS zone file. A determination is made as to whether the DNS request is requesting resolution at a protected DNS Name Server. A hash value is calculated for the requested Resource Record name if it is determined the DNS request is requesting resolution at the protected DNS Name Server. A determination is then made as to whether the calculated hash value for the requested Resource Record name is present in the probabilistic data structure. The DNS request is forwarded to the protected server if the requested Resource Record name is determined present in the probabilistic data structure.
Type: Grant
Filed: November 17, 2021
Date of Patent: August 29, 2023
Assignee: Arbor Networks, Inc.
Inventors: Brian St. Pierre, Sean O'Hara, Edmund J. Gurney, III
-
Patent number: 11734437
Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.
Type: Grant
Filed: March 21, 2023
Date of Patent: August 22, 2023
Assignee: Security First Innovations, LLC
Inventors: Mark S. O'Hare, Rick L. Orsini, Roger Davenport, Steven Winick
-
Patent number: 11736277
Abstract: Technologies for key management of internet-of-things (IoT) devices include an IoT device, an authority center server, and a group management server. The IoT device is configured to authenticate with an authority center server via an offline communication channel, receive a group member private key as a function of the authentication with the authority center server, and authenticate with a group management server via a secure online communication channel using the group member private key. The IoT device is further configured to receive a group shared key as a function of the authentication with the group management server, encrypt secret data with the group shared key, and transmit the encrypted secret data to the group management server. Other embodiments are described herein.
Type: Grant
Filed: August 31, 2021
Date of Patent: August 22, 2023
Assignee: Intel Corporation
Inventors: Changzhen Wei, Junyuan Wang, Ned Smith, Weigang Li, Ping Yu
-
Patent number: 11736298
Abstract: Methods, systems, and apparatus for authenticating and authorizing users using quantum key distribution through segmented quantum computing environments. In one aspect, a method includes receiving a first and second plaintext data input from a first party and from a second party, respectively; applying a quantum computation translation operation to the first and second plaintext data inputs to generate a corresponding first sequence of quantum computations and a second sequence of quantum computations; implementing the first and second sequence of quantum computations in a first and second segmented quantum computing environment, respectively, to obtain a first and second sequence of measurement results; generating a first and second encryption key using the first and second sequence of measurement results, respectively, and an encrypted authorization token using the second encryption key; and sending the first encryption key to the first party, and the encrypted authorization token to the second party.
Type: Grant
Filed: August 16, 2021
Date of Patent: August 22, 2023
Assignee: Accenture Global Solutions Limited
Inventors: Benjamin Glen McCarty, Ellie Marie Daw
-
Patent number: 11727138
Abstract: A data synthesis system comprising a high side computing environment and a low side computing environment. Access to the high side computing environment may be restricted to a first one or more users. The high side computing environment may comprise a first one or more datasets and one or more specification computer programs. The one or more specification computer programs may be configured to generate a data synthesis specification based on the structure of the first one or more datasets. The low side computing environment may be accessible by a second one or more users. The low side computing environment may comprise one or more data synthesizer computer programs. The one or more data synthesizer computer programs may be configured to synthesize a second one or more datasets based on the data synthesis specification.
Type: Grant
Filed: October 4, 2021
Date of Patent: August 15, 2023
Assignee: Palantir Technologies Inc.
Inventors: Nitish Kulkarni, Jakob Frick, Louis Franc, Thomas Poinsot, Hugo Dobbelaere
-
Patent number: 11728981
Abstract: A wireless User Equipment (UE) performs quantum authentication with a wireless communication network. The wireless UE receives qubits that were generated by the wireless communication network and determines polarization states for the qubits. The wireless UE exchanges cryptography information with the wireless communication network. The wireless UE and the wireless communication network both generate cryptography keys based on the polarization states and the cryptography information. The wireless UE generates authentication data based on the cryptography keys. The wireless UE wirelessly transfers the authentication data to the wireless communication network. The wireless communication network authenticates the wireless UE based on the authentication data and the cryptography keys.
Type: Grant
Filed: August 23, 2022
Date of Patent: August 15, 2023
Assignee: T-MOBILE INNOVATIONS LLC
Inventors: Marouane Balmakhtar, Lyle Walter Paczkowski
-
Patent number: 11728980
Abstract: The present invention relates to cryptographic protection of information by using keys derived from quantum keys from an associated quantum key distribution (QKD) system. The system includes a transmitting node and a receiving node of a single-pass QKD system, and two encryptors connected by a classical communication channel. The one encryptor is further connected to the transmitting node of the QKD system by a first local communication link, and the other encryptor is connected to the receiving node of the QKD system by a second local communication link. A method of implementing the system includes generating encryption keys and authentication keys based on quantum keys of a size not less than the one specified in operation of the system, exchanging service data in course of execution of the quantum protocol using the encryption keys and authentication keys, and providing identity of the encryption keys and the authentication keys.
Type: Grant
Filed: January 16, 2020
Date of Patent: August 15, 2023
Inventors: Anna Georgievna Vtyurina, Andrey Evgenievich Zhilyaev
-
Patent number: 11720718
Abstract: The technology described herein uses data in certificate transparency (CT) logs to identify security certificates that are likely to be used for phishing or brand violation. The technology described uses machine vision technology to analyze the domain name in a CT log as a user would view it. The domain name in the CT log is rendered as it might appear in a web browser's address bar. The rendered domain name is then converted to a text string using optical character recognition (OCR). The text string generated by OCR is then analyzed by a brand detection system to determine whether the text string matches a brand name. When a known brand is detected, a trust analysis is performed to determine whether the security certificate in the CT log is actually associated with the brand.
Type: Grant
Filed: July 31, 2019
Date of Patent: August 8, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Andrey V. Belenko
-
Patent number: 11709958
Abstract: Systems and methods for controlling access to data in applications using client-side encryption. In that regard, in some examples, a first application (e.g., an email application, calendar application, messaging application, word processing application, file storage application, etc.) hosted from a particular web domain may be configured to invoke a second application hosted from a different origin (e.g., a different web domain or subdomain) to handle receiving and encrypting any sensitive information from a client entered through a client application (e.g., a web browser), and to handle decrypting information to be provided to the client through the client application. This second application may be loaded in an inline frame or similar subwindow or subroutine configured to prevent or limit the first application from having access to sensitive information in the second application.
Type: Grant
Filed: May 14, 2021
Date of Patent: July 25, 2023
Assignee: Google LLC
Inventor: Wei Hua Peng
-
Patent number: 11709922
Abstract: Data is received as part of an authentication procedure to identify a user. Such data characterizes a user-generated biometric sequence that is generated by the user interacting with at least one input device according to a desired biometric sequence. Thereafter, using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., historical user-generated biometric sequences according to the desired biometric sequence, etc.), the user is authenticated if an output of the at least one machine learning model is above a threshold. Data can be provided that characterizes the authenticating. Related apparatus, systems, techniques and articles are also described.
Type: Grant
Filed: April 29, 2020
Date of Patent: July 25, 2023
Assignee: Cylance Inc.
Inventors: Garret Florian Grajek, Jeffrey Lo, Homer Valentine Strong, Wulun Dai
-
Patent number: 11706618
Abstract: A data packet verification method and a device improve network security. The method includes: receiving a data packet of a terminal device, where the data packet carries a first token and a service identifier, and the service identifier is used to indicate a type of a service to which the data packet belongs; obtaining first input information based on the data packet, and generating a second token based on the first input information, where the first input information includes an identifier of the terminal device and the service identifier carried in the data packet; and sending the data packet when the first token is the same as the second token.
Type: Grant
Filed: November 8, 2019
Date of Patent: July 18, 2023
Assignee: Huawei Technologies Co., Ltd.
Inventors: Li Hu, Jing Chen, Huan Li
-
Patent number: 11698990
Abstract: A system allows the identification and protection of sensitive data in multiple ways, which can be combined for different workflows, data situations or use cases. The system scans datasets to identify sensitive data or identifying datasets, and to enable the anonymisation of sensitive or identifying datasets by processing that data to produce a safe copy. Furthermore, the system prevents access to a raw dataset. The system enables privacy preserving aggregate queries and computations. The system uses differentially private algorithms to reduce or prevent the risk of identification or disclosure of sensitive information. The system scales to big data and is implemented in a way that supports parallel execution on a distributed compute cluster.
Type: Grant
Filed: May 2, 2017
Date of Patent: July 11, 2023
Assignee: PRIVITAR LIMITED
Inventors: Jason Derek McFall, Charles Codman Cabot, Timothy James Moran, Kieron Francois Pascal Guinamard, Vladimir Michael Eatwell, Benjamin Thomas Pickering, Paul David Mellor, Theresa Stadler, Andrei Petre, Christopher Andrew Smith, Anthony Jason Du Preez, Igor Vujosevic, George Danezis
-
Patent number: 11700112
Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.
Type: Grant
Filed: April 30, 2020
Date of Patent: July 11, 2023
Assignee: Salesforce, Inc.
Inventors: Alexandre Hersans, John Bracken, Assaf Ben Gur, William Charles Mortimore, Jr., Swaroop Shere