Key Distribution Patents (Class 380/278)
  • Patent number: 10674189
    Abstract: Aspects of the subject disclosure may include, for example, embodiments can include initiating a voice call to a communication device utilized by a subscriber of a media content service. The voice call indicates a video trailer for media content is available for viewing by the subscriber. Further embodiments can include receiving a first request to present the video trailer for the media content in response to the voice call. Additional embodiments can include providing the video trailer to the communication device. Other embodiments are disclosed.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: June 2, 2020
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Vignesh Gurunatha Dhandapani
  • Patent number: 10673713
    Abstract: A communication control device includes an extracting unit and an output unit. The extracting unit extracts, from a media key block containing a plurality of elements, partial information that contains elements which can be processed by a communication device having a device ID thereof identified in identification information for identifying one or more device IDs. The output unit outputs a group ID for identifying a group, the identification information, and the partial information, to a plurality of the communication devices that include all of the communication devices belonging to the group.
    Type: Grant
    Filed: March 10, 2015
    Date of Patent: June 2, 2020
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yoshikazu Hanatani, Toru Kambayashi, Fangming Zhao, Yoshihiro Oba
  • Patent number: 10666433
    Abstract: A quantum cryptography apparatus and system includes a photon emitter, a photon receiver, a first photodetector, a second photodetector, a first polarization optic, and a second polarization optic. The photon emitter is configured to emit a photon at a wavelength, wherein the photon emitter is coupled to the photon receiver by at least one quantum channel. The photon receiver includes the first polarization optic configured to output a polarization state of the emitted photon. The first photodetector is configured to detect the photon emitted from the output of the first polarization optic. The second photodetector is configured to detect a backflash from the first photodetector. The second polarization optic is between the first photodetector and the second photodetector. The quantum cryptography apparatus may be a quantum key distribution system for characterizing backflashes.
    Type: Grant
    Filed: September 12, 2017
    Date of Patent: May 26, 2020
    Assignee: The MITRE Corporation
    Inventors: Daniel Stack, Stephen Pappas, Brandon Rodenburg, Colin Lualdi
  • Patent number: 10657505
    Abstract: A dual mode payment interface device has a touch display and alternatively operates in a first mode and a second mode. The first mode provides access to a merchant system interface (MSI) on the touch display and provides access to a customer system interface (CSI) on the touch display. The second mode provides access to a CSI on the touch display and does not provide access to the MSI on the touch display. The system also includes a merchant display device having a second touch display. The merchant display device provides access to the MSI on the second touch display. The system also includes a wire that provides a communicative connection between the dual mode payment interface device and the merchant display device. The second mode is enabled by the communicative connection.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: May 19, 2020
    Assignee: Clover Network, Inc.
    Inventors: Jacob Whitaker Abrams, Nagalakshmi Rajagopal
  • Patent number: 10652010
    Abstract: A fully homomorphic encrypted ciphertext query method, the method including: acquiring a first plaintext, encrypting the first plaintext using a symmetric-key algorithm or a public-key algorithm to yield a first ciphertext, and storing the first ciphertext as a queried object; receiving a second plaintext which corresponds to a query condition, encrypting the second plaintext using a symmetric-key algorithm or a public-key algorithm to yield a second ciphertext, and storing the second ciphertext as a query object; performing bitwise summation on the queried object and the query object, to acquire a ciphertext query result; and decrypting the ciphertext query result to yield a decrypted plaintext, and comparing the decrypted plaintext with the second plaintext, determining, if the decrypted plaintext is the same as the second plaintext, the ciphertext query result is correct, and the query object exists in the queried object; otherwise, determining the ciphertext query result is incorrect.
    Type: Grant
    Filed: September 3, 2018
    Date of Patent: May 12, 2020
    Assignees: SHENZHEN FHE TECHNOLOGIES CO., LTD, HEPING HU
    Inventors: Heping Hu, Wei Hu
  • Patent number: 10645066
    Abstract: A computerized process is described for transferring content from a first entity to a second entity including first transferring separately and via a database entity for each content: a content identifier, content rights, a content encryption key, a content initialization vector, a content encryption count, and a first entity identifier. Included with the transferred content is a transfer identifier, which is encrypted. After transferred content is received by the second entity, the transfer identifier is used to retrieve the content rights, content encryption key, content encryption initialization vector, content encryption count, and first entity identifier from the database entity. After receiving the content, both actions taken on the content and disposition of the content at the second entity are controlled according to the content rights by the first entity and the status of the content is reported to the first entity via a database entity.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: May 5, 2020
    Inventor: Alan Earl Swahn
  • Patent number: 10637660
    Abstract: Disclosed herein are a quantum cryptography-based cryptographic communication system and an authentication, payment and transaction system via a relay device between a communication device and a server. A relay device for quantum cryptography authentication includes an optical receiver unit, an optical transmission unit, and a processor. The processor includes a quantum signal control unit, a user authentication unit, and a random number generation unit. The optical receiver unit receives a series of second quantum signals generated in such a manner that a series of first quantum signals generated by a first quantum filter and sent from a communication device pass through the second quantum filter of the relay device or a reception side, and the optical transmission unit transfers the series of second quantum signals to a server.
    Type: Grant
    Filed: July 20, 2017
    Date of Patent: April 28, 2020
    Assignee: University of Seoul Industry Cooperation Foundation
    Inventor: Do Yeol Ahn
  • Patent number: 10630866
    Abstract: An electronic device includes an imager and one or more processors operable with the imager. The imager captures at least one image of a plurality of persons. The one or more processors blur depictions of one or more persons of the plurality of persons until a reveal permission instruction is detected.
    Type: Grant
    Filed: January 28, 2018
    Date of Patent: April 21, 2020
    Assignee: Motorola Mobility LLC
    Inventors: Rachid Alameh, Amitkumar Balar, James Wylder, Jarrett Simerson, Thomas Merrell
  • Patent number: 10616941
    Abstract: A method, an electronic apparatus, and a recording medium for establishing a wireless connection through vibration are provided. In the method, at least one nearby electronic apparatus is scanned by the first electronic apparatus. A pairing request is transmitted to the second electronic apparatus among the at least one nearby electronic apparatus by the first electronic apparatus. A pairing code is generated in response to receiving the pairing request and a vibration with a pattern in accordance with the pairing code is triggered by the second electronic apparatus. The vibration is detected and the pattern of the vibration is identified to obtain the pairing code by the first electronic apparatus. The obtained pairing code is transmitted to the second electronic apparatus by the first electronic apparatus. Finally, the pairing code is confirmed by the second electronic apparatus to establish the wireless connection with the first electronic apparatus.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: April 7, 2020
    Assignee: HTC Corporation
    Inventors: Chi-Chen Cheng, Darren Sng
  • Patent number: 10609283
    Abstract: Systems, apparatuses and methods may provide for technology that transmits and processes panoramic video images in wireless display devices. Multiple video streams may be captured by one or more video cameras and transmitted from a transmitter to the receiver, and each of the video streams may be tagged with an identifier. The identifiers may be used by the receiver to determine an order in which the panoramic video images will be processed and stitched by the receiver, and rendered on a display device.
    Type: Grant
    Filed: April 1, 2017
    Date of Patent: March 31, 2020
    Assignee: Intel Corporation
    Inventors: Karthik Veeramani, Rajneesh Chowdhury
  • Patent number: 10594481
    Abstract: Disclosed aspects relate to local encryption of a set of replicated data in a shared pool of configurable computing resources which has a set of member nodes. A first local encryption key for the first node of the set of member nodes may be determined. The first local encryption key for the first node of the set of member nodes may be generated. A second local encryption key for the second node of the set of member nodes may be determined. The second local encryption key may differ from the first local encryption key. The second local encryption key for the second node of the set of member nodes may be generated. A temporary key for utilization by both the first and second nodes may be generated. The set of replicated data may be updated using the first local encryption key, the temporary key, and the second local encryption key.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: March 17, 2020
    Assignee: International Business Machines Corporation
    Inventors: Aaron T. Albertson, Robert Miller, Brian A. Nordland, Kiswanto Thayib
  • Patent number: 10572329
    Abstract: Methods and systems described herein are directed to identifying anomalously behaving components of a distributed computing system. Methods and systems collect log messages generated by a set of event log sources running in the distributed computing system within an observation time window. Frequencies of various types of event messages generated within the observation time window are determined for each of the log sources. A similarity value is calculated for each pair of event sources. The similarity values are used to identify similar clusters of event sources of the distributed computing system for various management purposes. Components of the distributed computing system that are used to host the event source outliers may be identified as potentially having problems or may be an indication of future problems.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: February 25, 2020
    Assignee: VMware, Inc.
    Inventors: Ashot Nshan Harutyunyan, Nicholas Kushmerick, Arnak Poghosyan, Naira Movses Grigoryan, Vardan Movsisyan
  • Patent number: 10574454
    Abstract: Periodically re-encrypting user data stored on a storage device, including: detecting that a data encryption key should be decommissioned; and for user data stored on the storage device that is encrypted with the data encryption key: reading the user data that is encrypted with the data encryption key from the storage device; re-encrypting the user data utilizing a current data encryption key; and writing the user data that is encrypted utilizing the current data encryption key to the storage device.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: February 25, 2020
    Assignee: Pure Storage, Inc.
    Inventors: Andrew Bernat, Ethan Miller
  • Patent number: 10565381
    Abstract: A method and apparatus for performing firmware programming on a microcontroller chip and the associated microcontroller chip are provided.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: February 18, 2020
    Assignee: Faraday Technology Corp.
    Inventors: Chun-Yuan Lai, Chen-Chun Huang
  • Patent number: 10560440
    Abstract: Embodiments described herein relate to obtaining a public key for an application of a communication device, including, but not limited to, receiving a request from the communication device to obtain the public key, evaluating the request based on at least one policy, requesting the public key from a public key infrastructure (PKI) in response to determining that the request is authorized, receiving the public key from the PKI, and sending the public key to the communication device.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: February 11, 2020
    Assignee: FORNETIX LLC
    Inventors: Charles White, Stephen Edwards
  • Patent number: 10554419
    Abstract: A method for a re-issuance of an attribute-based credential of an issuer of the attribute-based credential for a user may be provided. The user is holding backup values derived from a first credential previously obtained from the issuer, wherein the first credential is built using at least a first value of at least one authentication pair. The method comprises receiving by the issuer from the user a set of values derived from the backup values comprising a second value of the at least one authentication pair, validating by the issuer that the second value is a valid authentication answer with respect to the first value and whether the set of values was derived from a valid first credential, and providing by the issuer a second credential to the user based on the first set of values.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: February 4, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Stephan Krenn, Anja Lehmann, Gregory Neven
  • Patent number: 10541983
    Abstract: Systems and techniques are disclosed for secure storage and searching of information on insecure search systems. One of the methods is implemented by a system of one or more computers being in communication with clients and search engines. A request associated with storage of client information in a search engine is obtained. First cryptographic information is generated based on a portion of the client information, such that the first cryptographic information is to be utilized for indexing by the search engine. Second cryptographic information is generated based on performing an order-preserving encryption process on a portion of the client information, such that the second cryptographic information is to be utilized to recover order associated with information included in the portion. The first cryptographic information and the second cryptographic information are provided for storage in the search system.
    Type: Grant
    Filed: July 19, 2017
    Date of Patent: January 21, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Afshin Khashei Varnamkhasti, Bogdan Ciprian Pistol
  • Patent number: 10528375
    Abstract: Example methods are provided for a host to maintain security system information in a virtualized computing environment, in which the host supports a security system to secure a source virtualized computing instance. The method may include, based on an operation associated with the source virtualized computing instance, determining to maintain security system information associated with the security system. The method may further include obtaining the security system information that includes first information from the source virtualized computing instance, or second information from a source security virtualized computing instance, or both. The source virtualized computing instance may implement a first component of the security system and the source security virtualized computing instance a second component of the security system.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: January 7, 2020
    Assignee: NICIRA, INC.
    Inventors: Patil Rayanagouda, Vasantha Kumar, Anil Kumar, Hrishikesh Ghatnekar
  • Patent number: 10523430
    Abstract: An information processing method includes calculating, using a first station, an estimated ratio of a quantity of pulses affected by a photon-number splitting (PNS) attack including a multi-photon in the pulses to a total quantity of the pulses, and performing, using the first station, error correction processing on key information based on the estimated ratio to obtain a shared key of the first station and a second station when the estimated ratio is less than a preset threshold. Hence, a degree to which the photon is affected by the PNS attack can be estimated in order to perform error correction on the key information, thereby improving security of a key distribution.
    Type: Grant
    Filed: April 24, 2019
    Date of Patent: December 31, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Wei Geng, Chen-Xiong Zhang
  • Patent number: 10521602
    Abstract: Provided are a system and method of encrypting a folder in a device. The device for controlling access to the folder includes a communication part configured to transmit, to a server, an encryption key generation request with respect to the folder, and receive, from the server, an encryption key associated with the folder that is generated in response to the encryption key generation request, wherein the encryption key generation request includes an identification of the folder and authentication data of a user who accesses the folder is an authorized user; and a controller configured to authenticate the user by using the encryption key.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: December 31, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Jung-kyuen Lee
  • Patent number: 10511587
    Abstract: Provided is a method for an authorized issuing of an authentication token for a device, including requesting an authentication token for the device by sending a request message and at least one authentication parameter to an authorization apparatus, verifying authenticity of the request message using the authentication parameter, verifying authorization for the request by comparing information on the device obtained with the request message in the authorization apparatus with context information for the device stored in a database, and on success of the verification of the authenticity and of the authorization, authorizing the issuing of the requested authentication token.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: December 17, 2019
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hendrik Brockhaus, Steffen Fries, Michael Munzert, David Von Oheimb
  • Patent number: 10505724
    Abstract: The present application discloses an authentication method used in a QKD process, and further discloses additional authentication methods and corresponding apparatuses, as well as an authentication system. The method comprises: selecting, by a transmitter according to a basis selection rule, a basis of preparation for transmitter authentication information that is generated with a first pre-provisioned algorithm and varies dynamically, and transmitting quantum states containing key information and the transmitter authentication information; and measuring, by a receiver, quantum states of the transmitter authentication information according to the basis selection rule, and ending the QKD process if a measurement result is inconsistent with corresponding information calculated with the first pre-provisioned algorithm.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: December 10, 2019
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventor: Yingfang Fu
  • Patent number: 10491404
    Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to be executed by a processor. The code includes code to cause the processor to receive, at a first compute device, (1) a message signed using a signature associated with a derived private key of a second compute device, and (2) an identifier. The code further includes code to cause the processor to retrieve, using the identifier, an ascendant public key associated with the second compute device. The code further includes code to cause the processor to generate, using a key derivation function with the ascendant public key and the identifier as inputs, a derived public key that is paired with the derived private key. The code further includes code to cause the processor to authenticate the second compute device by verifying the signature using the derived public key.
    Type: Grant
    Filed: May 8, 2019
    Date of Patent: November 26, 2019
    Assignee: Hotpyp, Inc.
    Inventor: Kelly Bryant Yamamoto
  • Patent number: 10476806
    Abstract: Systems and techniques are disclosed to reduce workload on base stations in a mobile network when content delivery networks cache content inside the network. A user equipment sets a flag only with those packets on the uplink which include requests that should be routed to the cache server inside the mobile network. The base stations perform deep packet inspection of those packets where flags have been set and forward other packets on to the rest of the relevant backhaul of the mobile network. After deep packet inspection, the base stations either route the packet to the cache server via an established connection or propagate the flag in an extension header to another network node for routing to the cache server. The resulting content is returned to the UE with the source address of the originally intended destination instead of the cache server, rendering the process transparent to the end user.
    Type: Grant
    Filed: August 5, 2015
    Date of Patent: November 12, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Huichun Liu, Xipeng Zhu, Gavin Bernard Horn
  • Patent number: 10476913
    Abstract: Some database systems may implement encryption services to improve the security of data stored in databases or on disks. The systems may implement encryption using multiple encryption keys. For example, a worker server may implement a system call interceptor, such as a filesystem in userspace (Fuse) driver. The system call interceptor may intercept system calls (e.g., associated with query or extract, transform, and load (ETL) jobs) as they enter or exit the kernel. The system call interceptor may determine whether data sets associated with the jobs are marked for encryption, and may perform an encryption process on the data sets. A worker may encrypt and store data sets on a worker disk or at a file store, or may retrieve and decrypt the data sets. The system may additionally manage encryption keys, and may provide mechanisms for archiving or revoking encryption keys while maintaining user access to stored data sets.
    Type: Grant
    Filed: September 8, 2017
    Date of Patent: November 12, 2019
    Assignee: salesforce.com, inc.
    Inventors: Saptarshi Roy, Ryan Lamore, Ankush Gulati, Navya Sruti Sirugudi
  • Patent number: 10476911
    Abstract: To verify compliance with a data access policy, a query result including data specified by a requesting entity and a representation of a data access policy is received from a database. Based on the representation of the data access policy included in the query result, it is verified whether the requesting entity is permitted to access the data included in the query result. Transmission of the data included in the query result to the requesting entity is controlled responsive to the verification. Related methods, systems, and computer program products are also discussed.
    Type: Grant
    Filed: July 14, 2017
    Date of Patent: November 12, 2019
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Evgene Vahlis, Paul Giura
  • Patent number: 10454903
    Abstract: Encryption keys for an enterprise are stored at a perimeter device such as a gateway, and rules are applied at the network perimeter to control whether and how these keys are used for cryptographic processing of communications passing through the perimeter device. The encrypted status of communications, e.g. whether and how files are encrypted with the encryption keys, may also be used to assist in selecting appropriate security handling and routing of the communications.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: October 22, 2019
    Assignee: Sophos Limited
    Inventor: Roger Neal
  • Patent number: 10447662
    Abstract: A method begins by a dispersed storage (DS) processing module segmenting a data partition into a plurality of data segments. For a data segment of the plurality of data segments, the method continues with the DS processing module dividing the data segment into a set of data sub-segments and generating a set of sub keys for the set of data sub-segments based on a master key. The method continues with the DS processing module encrypting the set of data sub-segments using the set of sub keys to produce a set of encrypted data sub-segments and aggregating the set of encrypted data sub-segments into encrypted data. The method continues with the DS processing module generating a masked key based on the encrypted data and the master key and combining the encrypted data and the masked key to produce an encrypted data segment.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: October 15, 2019
    Assignee: PURE STORAGE, INC.
    Inventor: Jason K. Resch
  • Patent number: 10445510
    Abstract: A data checking device that is connected to a communication entity includes: a port unit configured to communicate with the communication entity; a key storage unit configured to store predetermined keys; an encryption/decryption unit configured to encrypt or decrypt data transmitted from the communication entity through the port unit by using a first key among the predetermined keys; an output unit configured to output decrypted data; and a connection unit configured to physically connect the data checking device with another device storing keys which are identical to the predetermined keys. The predetermined keys stored in the key storage unit are generated and stored when the data checking device is connected to the other device by the connection unit.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: October 15, 2019
    Assignee: INDUSTRY-ACADEMIC COOPERATION FOUNDATION, DANKOOK UNIVERSITY
    Inventors: Joonmo Kim, Younggeun Choi
  • Patent number: 10438684
    Abstract: A method of operating a memory system, having a non-volatile memory device, includes processing a response to a first request toward the memory device by using an original key, in response to the first request, generating and storing first parity data corresponding to the original key, and deleting the original key.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: October 8, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Seong-Hyeog Choi, Jun-Jin Kong, Hong-Rak Son, Pil-Sang Yoon, Chang-Kyu Seol, Ki-Jun Lee
  • Patent number: 10432395
    Abstract: A system that includes a quantum key device, a first device, and a second device. A monitor module is configured to detect, at the first device, that the second device is reading quantum information over a second quantum communication channel. A read module is configured to read, at the first device, the quantum information over a first quantum communication channel. An encryption module is configured to generate a first quantum encryption key at the first device using the quantum information that is read over the first quantum communication channel. The encryption module is also configured to encrypt data using the first quantum encryption key to create encrypted data. The second device decrypts the encrypted data using a second quantum encryption key generated at the second device using the quantum information read at the second device to create decrypted data.
    Type: Grant
    Filed: October 4, 2017
    Date of Patent: October 1, 2019
    Assignee: The Boeing Company
    Inventors: Wayne R. Howe, Jeffrey H. Hunt
  • Patent number: 10432685
    Abstract: Techniques and a system are provided for protecting content (or media item) streamed over a network from unauthorized access. As an example, the streaming protection system generates statistics when a client requests a media item. The statistic may be generated based on various factors. The media item is divided into different portions, each portion requiring a different key to decrypt the portion so that it may be viewed by a user. Based on the generated statistic, the streaming protection system determines whether or not to allow the client access to the decryption key for a portion of the media item.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: October 1, 2019
    Assignee: Brightcove, Inc.
    Inventors: Barry Hartman, Sean Knapp, Bob Sesek, Siddharth Gopalan
  • Patent number: 10429918
    Abstract: In one embodiment, a processor comprises: a first domain including a plurality of cores; a second domain including at least one graphics engine; and a power controller including a first logic to receive a first performance request from a driver of the second domain and to determine a maximum operating frequency for the first domain responsive to the first performance request. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: October 1, 2019
    Assignee: Intel Corporation
    Inventor: Anil K. Kumar
  • Patent number: 10432599
    Abstract: A method for managing keystore information on a computing device may include requesting a keystore from a distribution system, receiving the keystore from the distribution system, and populating a runtime environment with keystore information contained within the keystore. A method for generating a keystore may include receiving, by a distribution system, a request for a keystore from a computing device, generating a key pair including a public key and a private key, generating a certificate signing request, digitally signing the public key with the private key, generating the keystore, combining the signed public key with the private key in the keystore, and providing the keystore to the computing device. A method for generating a truststore may include receiving, by a distribution system, a request for a truststore from a computing device, generating the truststore, adding a certificate to the truststore, and providing the truststore to the computing device.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: October 1, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Andrew Schiefelbein
  • Patent number: 10404466
    Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: September 3, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman, Chen Chen
  • Patent number: 10397216
    Abstract: The disclosed computer-implemented method for performing secure backup operations may include (i) identifying a backup server that has been designated to perform a backup task for a backup client, (ii) prior to facilitating the backup task on the backup client (a) identifying both a trust level of the designated backup server and a sensitivity level of the backup task and (b) determining whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task, and (iii) facilitating the backup task on the backup client based on the determination of whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: August 27, 2019
    Assignee: Veritas Technologies LLC
    Inventors: Mukund Agrawal, Gaurav Malhotra, Vikas Kumar, Nachiket Tanksale
  • Patent number: 10382441
    Abstract: A security layer in an industrial control and automation system includes a user database, a web server, a secure token server (STS), and an application server. The user database is configured to store identities of users with credentials to access controls of the security layer. The web server is configured to identify an operator using a client device. The STS is configured to authenticate the operator for the security layer. The application server is configured to negotiate access for the client device for a target application server in a target security layer.
    Type: Grant
    Filed: October 13, 2016
    Date of Patent: August 13, 2019
    Assignee: Honeywell International Inc.
    Inventors: Venkata Rao Venkamsetty, Boyd Knutson, Kishen Manjunath, Karthick Sengodan, Thangadurai Narayanan, Blaine Brysh
  • Patent number: 10380369
    Abstract: A data management and storage (DMS) cluster of peer DMS nodes manages resources of a multi-tenant environment. The DMS cluster provides an authorization framework that provides user access which is scoped to the resources within a tenant organization and the privileges of the user within the organization. To authorize an action on a resource by a user, the DMS cluster determines user authorizations associated with the user defining privileges of the user on the resources of the multi-tenant environment, and organization authorizations associated defining resources of the multi-tenant environment that belong to the organization. The DMS cluster authorizes the action when the user authorizations and organizations authorized indicate that the action on the resource is authorized.
    Type: Grant
    Filed: June 14, 2018
    Date of Patent: August 13, 2019
    Assignee: Rubrik, Inc.
    Inventors: Matthew Noe, Seungyeop Han, Arohi Kumar
  • Patent number: 10366411
    Abstract: Techniques are disclosed herein for protecting personally identifying information (PII) and behavioral data while delivering targeted assets. In one aspect, a profile is created based on a template and desired characteristics of users to receive one or more targeted assets. The template provides a framework for the user characteristics. One or more clients are provided the template. A manifest that identifies the targeted assets is encrypted based on the profile. The encrypted manifest is sent to the one or more clients. A user profile is generated at a client based on a template. The client attempts to decrypt the encrypted manifest based on the profile created at the client. The client sends a request for any targeted assets that were identified through the attempt to decrypt the encrypted manifest.
    Type: Grant
    Filed: December 22, 2014
    Date of Patent: July 30, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: Erik Ramberg
  • Patent number: 10356067
    Abstract: A method of operating a first device in a group of devices in a network is disclosed. The method comprises encrypting and decrypting, with a processor of the first device, communications with other devices in the group of devices using a shared key that is stored in a memory of each device in the group of devices; receiving, with a transceiver of the first device, a first message from a second device in the group of devices, the first message indicating that the first device is authorized to share the shared key; and transmitting, with the first device, the shared key to a third device in the network that is not in the first group of devices only after receiving the first message indicating that the first device is authorized to share the shared key.
    Type: Grant
    Filed: November 2, 2016
    Date of Patent: July 16, 2019
    Assignee: Robert Bosch GmbH
    Inventors: Jan Zibuschka, Joao P. Sousa, Stefan Schmid, Rishabh Gulati
  • Patent number: 10348703
    Abstract: In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: July 9, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Dongmei Zhang, Jing Chen, Yang Cui
  • Patent number: 10341120
    Abstract: The object of the invention is a method for transmitting electronic mail messages securely encrypted to a recipient, to whom an unencrypted electronic mail to be delivered cannot be assured of its information security. In the method: the sender (C1) sends an electronic mail message (1) to an electronic mail server (M1) that is his own or that of a known organization using an encrypted electronic mail transmission protocol, and the electronic mail message is marked as secured mail by adding the domain identifier of the secured mail server to the end of the electronic mail address of the recipient, wherein the server M1 sends it as guided by the name service further, using an encrypted transmission protocol, to the secured mail server TP, which stores it. The secured mail server sends to the sender a dispatch acknowledgment request (2.1), to which the sender answers with a dispatch acknowledgment (2.
    Type: Grant
    Filed: January 5, 2016
    Date of Patent: July 2, 2019
    Assignee: INFO CENTER INTERNATIONAL ICF OY
    Inventor: Jussi Kallioniemi
  • Patent number: 10341107
    Abstract: Method, server, and communication device for updating identity-based cryptographic private keys of compromised communication devices. One method includes receiving, at a server, a security status indicating that the security of a first communication device has been compromised. The first communication device is associated with a user and includes a first identity-based cryptographic private key and a first user identifier. The method also includes, responsive to receiving the security status, determining, with the server, a second user identifier based on the first user identifier. The method further includes determining, with the server, a second identity-based cryptographic private key based on the second user identifier. The method also includes distributing, via the server, the second identity-based cryptographic private key to a second communication device. The second communication device is associated with the user.
    Type: Grant
    Filed: June 6, 2016
    Date of Patent: July 2, 2019
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Katrin Reitsma, Michael F. Korus
  • Patent number: 10311245
    Abstract: A cybersecurity system includes a controller that functions as a gateway between an end user device and an offline data storage device. When the end user device wants to access a file on the offline data storage device the controller severs a connection between a temporary storage memory and the end user device, establishes a connection with the offline data storage device, pulls the data from the offline data storage device to a temporary storage memory, then severs the connection with the offline data storage device, then establishes the connection with the end user device and communicates the data from the temporary storage memory to the end user device before overwriting the data in the temporary storage memory.
    Type: Grant
    Filed: March 8, 2017
    Date of Patent: June 4, 2019
    Inventors: Kalpesh S. Patel, Shilpi D. Bhargava
  • Patent number: 10298549
    Abstract: Aspects of security schemes (e.g., integrity protection, encryption, or both) are described. A measure of access stratum security can be realized without overhead associated with establishing and/or maintaining the per-cellular-device access stratum security context at a Cellular Internet of Things (CIoT) base station (C-BS). A gateway (e.g., a CIoT Serving Gateway Node (C-SGN)) may derive a first key. The first key may be only known to the C-SGN. The C-SGN may derive a second key from the first key and a parameter unique to the C-BS. The C-SGN may also derive a third key from the second key and an identity of a cellular device. The C-SGN may send the second and third keys to the C-BS and cellular device, respectively. Small data messages encrypted and/or integrity protected by the cellular device may be decrypted and/or verified by the C-BS.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: May 21, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Anand Palanigounder, Adrian Edward Escott
  • Patent number: 10263966
    Abstract: Rules are applied at a network perimeter to outbound network communications that contain file attachments. The rules may, in a variety of circumstances, require wrapping of an outbound file from the endpoint in a portable encrypted container. The network perimeter may be enforced locally at the endpoint, or at any network device between the endpoint and a recipient.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: April 16, 2019
    Assignee: Sophos Limited
    Inventors: Russell Humphries, Gordon Sullivan, Kenneth D. Ray, Anthony John Merry, Harald Schutz, Andreas Berger
  • Patent number: 10257700
    Abstract: Disclosed are an apparatus and a method for controlling a vehicle using a user terminal that authenticates a user terminal using an NFC module mounted in a vehicle and controls the vehicle using communication between the NFC module and the user terminal. An apparatus for controlling a vehicle using a user terminal includes: a terminal authenticator that authenticates a user terminal using any one module of wireless communication modules mounted in a vehicle; and a vehicle controller that controls the vehicle in a fit-type in accordance with the position of the any one module when the user terminal is authenticated.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: April 9, 2019
    Assignee: HYUNDAI MOBIS CO., LTD.
    Inventors: Jong Joo Kang, Joung Ho Han
  • Patent number: 10255420
    Abstract: Systems and methods for configuring a cryptographic system, such as an avionic data transfer system associated with an aircraft, are provided. More particularly, systems and methods can be used to assemble a cryptographic key configuration (CKC) for use in a cryptographic system. A CKC can include various components for configuration of a cryptographic system. An administrator can generate CKCs for multiple host systems via a user interface (e.g., a graphical user interface) at a terminal and can deliver the CKCs to the host systems via an automated process by way of, for instance, a removable data cartridge.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: April 9, 2019
    Assignee: GE Aviation Systems, LLC
    Inventors: Deven J. Anthony, John Jared Creech, David Barnard Pierce, Joseph Bernard Steffler, Jay Robert Pruiett
  • Patent number: 10243739
    Abstract: Generally described, physical computing devices in a virtual network can be configured to host a number of virtual machine instances. The physical computing devices can be operably coupled with offload devices. In accordance with an aspect of the present disclosure, a security component can be incorporated into an offload device. The security component can be a physical device including a microprocessor and storage. The security component can include a set of instructions configured to validate an operational configuration of the offload device or the physical computing device to establish that they are configured in accordance with a secure or trusted configuration. In one example, a first security component on the offload device can validate the operational computing environment on the offload device and a second security component on the physical computing device can validate the operational computing environment on the physical computing device.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: March 26, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Eric Jason Brandwine, David R. Richardson, Matthew Shawn Wilson, Ian Paul Nowland, Anthony Nicholas Liguori, Brian William Barrett
  • Patent number: 10237787
    Abstract: A communication system is described in which user plane communication and control plane communication for a particular mobile communication device can be split between a base station that operates a small cell and a macro base station. Appropriate security for the user plane and control plane communications is safeguarded by ensuring that each base station is able to obtain or derive the correct security parameters for protecting the user plane or control plane communication for which it is responsible.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: March 19, 2019
    Assignee: NEC Corporation
    Inventor: Vivek Sharma