Abstract: A system and method for deploying software is disclosed. The system includes an architecture for deploying simulation software as a service. The architecture includes a client layer. The client layer includes an edge device, a resource manager, an update framework, a firewall, and a key management system. The architecture further includes a control layer communicatively coupled to the client layer, wherein a portion of the control layer is configured within a server. The control layer includes an application programming interface, one or more containers, wherein at least one of the one or more containers is a simulation processing container. The control layer further includes an orchestration node, a continuous integration tool, one or more processors, and a content delivery network module. The architecture further includes a data layer communicatively coupled to the one or more containers.

Abstract: Systems and methods for securing encrypted data wherein a sending computer encrypts data to be transmitted with an encryption key. The encryption key itself is not sent, but can be derived from a second key and third key. The second key is modified such that an incomplete portion of the second key is sent along with the message to a recipient computer. The third key is sent separately to the recipient computer. The recipient computer obtains the remainder of the second key, reconstructs the complete second key and then uses it with the third key to derive a decryption key to decrypt the message.

Abstract: A secure communication method and a secure communications apparatus related to the field of communications technologies and applied to a terminal. The terminal has a first security context and a second security context, the first security context is used by the terminal to communicate with a first network, the second security context is used by the terminal to communicate with a second network, and the first security context and the second security context include different first information.

Abstract: According to one aspect of the present invention, there is provided a method for managing a medical information platform using a blockchain, the method comprising the steps of: dynamically calculating an exchange ratio between tokens and points, with reference to at least one of an amount of points that a user intends to exchange for tokens on a medical information platform, an amount of tokens that the user intends to exchange for points on the medical information platform, an amount of tokens present in a token pool managed by the medical information platform, and an amount of points previously exchanged for tokens on the medical information platform; and providing the user with the tokens or points exchanged with reference to the calculated exchange ratio.

Abstract: A processor-implemented system and method for dynamically retrieving an attribute value of an identity claim for a user using a digitally signed access token that is digitally signed by a user device, at a relying party device associated with a relying party. The method includes (i) making an API call to retrieve at least one identity claim for the user, (ii) processing each identity claim of the user, with the relying party device, to identify if at least one by-reference identity claim that includes a URL of an endpoint, (iii) obtaining the digitally signed access token that is digitally signed by the user device, (iv) invoking the URL of the endpoint with the at least one by-reference identity claim and the digitally signed access token, and (v) dynamically retrieving the attribute value from the URL of the endpoint from an issuing party device associated with an issuing party.

Abstract: An arithmetic apparatus includes an interface and a circuity. The interface is connected to an information processing apparatus that is connected to a client apparatus and that processes data in an encrypted state. The circuitry acquires, from the information processing apparatus, encryption input data or encryption target data encrypted with a first encryption key. The circuitry decrypts the acquired, encryption input data or encryption target data with a first decryption key. Then, the circuitry executes a predetermined arithmetic operation on the decrypted arithmetic operation target data, encrypts data of an arithmetic operation result obtained by the predetermined arithmetic operation with the first encryption to key, and outputs the encrypted data of the arithmetic operation result to the information processing apparatus.

Abstract: Identity management is disclosed that allows authentication of a user for a third party by way of an encrypted token. A biometric signature can be requested for a user of a user device. In response, an encrypted token can be generated based at least in part on the biometric signature. The encrypted token can then be provided back to the user device, which can save the encrypted token to a secure location on the user device accessible by biometric authentication of the user on the user device. An authentication request can be provided from a third party which includes an encrypted token. A determination can be made regarding whether user identity can be confirmed based on the encrypted token. An indication of whether the user identity was confirmed or unconfirmed can then be communicated in response to the authentication request.

Abstract: A storage apparatus sends a request for a key encryption key to a key management server using a storage apparatus ID as a parameter, acquires the key encryption key, for which a request has been sent to the key management server, and its attribute information, and stores the key encryption key and its attribute information in a key encryption key list while eliminating the key encryption key that is duplicated. Then, in the order listed in the key encryption key list, decryption of the encryption key is attempted by the key encryption key stored in the key encryption key list, and the success or failure of the decryption of the encryption key is determined. When the decryption of the encryption key using the key encryption key fails, the decryption of the encryption key is attempted using a key encryption key, which has not been attempted yet, in the key encryption key list.

Abstract: A method for analyzing software with pointer analysis may include obtaining a software program, and determining a first independent program slice of the software program describing a first code segment of the software program. The method may further include determining, using a first pointer analysis objective, a first result from performing a first pointer analysis on the first independent program slice, and determining, using the first result, a first dependent program slice of the software program. The method may further include determining, using a second pointer analysis objective, a second result from performing a second pointer analysis on the first dependent program slice. The method may further include generating a report, using these results, indicating whether the software program satisfies a predetermined criterion.

Abstract: A method, system and computer-usable medium for using pseudonyms to identify entities and their corresponding security risk factors is disclosed. In certain embodiments, a computer-implemented method for identifying security risks associated with a plurality of different entities is disclosed, wherein the method comprises: receiving a stream of events, the stream of events comprising a plurality of events associated with the plurality of different entities; pseudonymizing events of the plurality of events by replacing entity names in the plurality of events with corresponding entity pseudonyms to thereby provide a plurality of pseudonymized events; executing security analytics operations on the plurality of pseudonymized events to identify user behaviors presenting security risks; and using the entity pseudonyms to anonymously identify entities engaging in security risk related behaviors.

Abstract: A system and method is disclosed for assuring that networked communications between parties playing a game on a network (e.g., the Internet) are not tampered with by either of the parties for illicitly gaining an advantage over the other party. An initial sequence of tokens (e.g., card representations) for playing the game are doubly encrypted using an encryption key from each of the parties. Accordingly, during play of the game neither party can modify the initial sequence of game tokens during the game. At termination of the game, at least one of the parties can fully decrypt the initial sequence of tokens, and thereby, if desired, compare the played token sequence with the corresponding the initial token sequence.

Abstract: A method for transferring digital multimedia rights, the method including but not limited to requesting permission from the destination end user to transfer the digital multimedia rights to the destination end user device; and if the permission is received from the destination end user, canceling the source set of digital multimedia rights associated with the source end user and transferring the source set of digital multimedia rights associated with the source end user to the destination end user device. A system and computer program product are disclosed for performing the method.

Abstract: A method comprising receiving first data representative of a query. A representation of the query is generated using an encoder neural network and the first data. Words for a rephrased version of the query are selected from a set of words comprising a first subset of words comprising words of the query and a second subset of words comprising words absent from the query. Second data representative of the rephrased version of the query is generated.

Abstract: The present disclosure provides systems and methods for electronically providing each of a plurality of content distributors with access to a library of content items, facilitating the selection of a combination of the content items, creating a unique set of links for each recipient-distributor combination, and distributing the selected content and unique links via one or more distribution channels to a plurality of recipients. As each link is associated with both a recipient and a distributor, conversion actions stemming from the selection of a link by a recipient are attributed to the proper distributor. Distributors can create content distribution approaches that can be shared with other distributors.

Abstract: Disclosed is a method of registering a new optical network unit (ONU) to be performed by an optical line terminal (OLT). The method includes transmitting a ranging notification message to a centralized unit (CU)/distributed unit (DU) to register the new ONU, receiving scheduling information for registering the new ONU from the CU/DU in response to the ranging notification message, transmitting a serial number request message to a service region in which ONUs are present based on the received scheduling information, and when the serial number response message is received from the new ONU in response to the serial number request message, registering the new ONU that transmits a serial number request message. The transmitting of the serial number request message is performed through a multi-quiet zone of a short period.

Abstract: Example embodiments relate to transaction authentication using biometric inputs from multiple users. The biometric inputs are input via a single computing entity simultaneously or within a configurable time period. The biometric inputs can be used to generate a transaction authentication record to authenticate the transaction.

Abstract: A method for preventing a differential cryptanalysis attack is provided. The method is implemented by an adaptive scan chain, a control module, and a plaintext analysis module. The plaintext analysis module controls the adaptive scan chain, so that two plaintexts differing in the last bit of only one byte are input through scan chains with different structures. Consequently, the two input plaintexts for which differential cryptanalysis attack technology originally can be used to crack the key are unable to generate outputs that can be used by the differential cryptanalysis attack technology.

Abstract: A method and system for processing query requests, including receiving, at a secondary site, a query request from a client and executing the query request to obtain an archive replica package (ARP). The method further includes making a determination that a record associated with the ARP is not stored at the secondary site and based on the determination, transmitting a request to a primary site. The method further includes, in response to the request to the primary site, receiving an archive package and a record where the archive package is associated with the record, and providing the first record to the client.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: A method and system for securely replicating encrypted deduplicated storages. Specifically, the method and system disclosed herein entail the replication and migration of encrypted data between storage systems that support deduplication. More specifically, a first encrypted data, which may have been encrypted using a first public cryptographic key and consolidated on a source storage system, may be translated into an interim (yet still encrypted) state using a first split private cryptographic key. Thereafter, using a compound conversion key, the interim state data may be further translated into a second encrypted data, which may be characterized as being encrypted by a second public cryptographic key. Therefore, substantively, the method and system disclosed herein may be directed to the translation of encrypted data from one encryption scheme to another while in-flight from a source storage system to a target storage system.

Abstract: An example private processing pipeline may include: a masked decryption unit to perform a masked decryption operation transforming input data into masked decrypted data; a masked functional unit to produce a masked result by performing a masked operation on the masked decrypted data; and a masked encryption unit to perform a masked encryption operation transforming the masked result into an encrypted result.

Abstract: A secure infrastructure onboarding system includes an infrastructure device with an infrastructure device wireless subsystem that it may use to perform wireless key management system discovery operations in response to initialization. A key management system includes a key management system wireless subsystem it uses to perform the wireless key management system discovery operations with the infrastructure device. The key management subsystem may then wirelessly receive an infrastructure device certificate along with an infrastructure device validation key from the infrastructure device, and validate the first infrastructure device based on the first infrastructure device certificate and the first infrastructure device validation key. In response, the key management system may wirelessly transmit a first credential generation key that is configured for use by the first infrastructure device to generate first authentication credentials.

Abstract: A computing system for generating tamper-proof electronic messages is disclosed herein. A service provider application receives an electronic message from a client application. The electronic message comprises an authorization provider (AuP) token that includes a public key of a local signing authority (LSA) and a signed payload that has been signed by the LSA using a private key of the LSA that forms a cryptographic key pair with the public key, the signed payload comprising an indication of a programmatic task to be executed by the service provider application. Responsive to validating the AuP token in the electronic message, the service provider application extracts the public key from the electronic message. Responsive to validating the signed payload based upon the extracted public key of the LSA, the service provider application executes the programmatic task.

Abstract: A system for generating and applying a secure token in a resource distribution network is provided. For example, a headend system generates a global token based on a time duration specified for multiple meters that are in communication with the headend system through at least a mesh network in a normal condition. The global token is associated with the time duration and is applicable to the multiple meters. The headend system causes the global token to be broadcast via a broadcast network. After receiving the global token, the meter verifies the global token and determines the time duration associated with the global token. The meter further connects premises associated with the meter to a resource distribution network for at least the time duration associated with the global token.

Abstract: A network function virtualization system, comprises a request receiving unit that receives a request to a certificate of at least one of data exchanging parties; a private key generator that generates a first private key information using a second private key information stored in a hardware-based isolated secure execution environment, in response to the request; a public key extractor that extracts a public key information of the first private key information; a public key information storage unit that stores the public key information; and a verifying unit that is accessible from the request receiving unit and verifies the certificate using the public key information corresponding to the certificate.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: Techniques, for secure processing of encrypted data on public resources, include receiving first data indicating a sequence of reversible q-bit gates including a first segment for decrypting, a second segment for operating on the decrypted data, and a third segment for encrypting the resulting data. Second data indicates rules for replacing a first sequence of two gates operating on at least one shared bit of an input N-bit word with a different second sequence of one or more gates that produce the same output N-bit word. The second data is used to propagate: a gate from the first segment a distance into the second segment or beyond; and, a gate from the third segment a distance into the second segment or before. This produces an obfuscated sequence of reversible gates. Obfuscated instructions based on the obfuscated sequence of gates are sent to the public resources.

Abstract: Systems, methods, and apparatuses of using biometric information to authenticate a first device of a user to a second device are described herein. A method includes storing, by the first device, a first key share of a private key and a first template share of a biometric template of the user. The second device stores a public key, and one or more other devices of the user store other key shares and other template shares. The first device receives a challenge message from the second device, measures biometric features of the user to obtain a measurement vector, and sends the measurement vector and the challenge message to the other devices. The first device receives partial computations, generated using a respective template share, key share, and the challenge message, from the other devices, uses them to generate a signature of the challenge message and send the signature to the second device.

Abstract: An information handling system may include a circuit board; a processor disposed on the circuit board, wherein the processor includes a media access control (MAC) address and a hidden root key (HRK) encoded therein; and a memory not disposed on the circuit board. The information handling system may be configured to: determine a customer public key (CPK); create a data structure comprising the CPK and the MAC address; encrypt the data structure using the HRK to generate an encrypted structure; and store the encrypted structure in the memory.

Abstract: An example method includes receiving a quantum-resistant double signature (QSDS) message. The QSDS message is generated by digitally signing a quantum SignerInfo (qSignerInfo) attribute of a Quantum Signed Data (QSignedData) message using a private key of a signing party computing system using a quantum-vulnerable signature algorithm. The method then includes verifying the digital signature on the QSDS message, identifying the qSignerInfo attribute in a SignedAttributes value of the QSDS message, transmitting the SignedAttributes value to a QSDS processing computing system, and receiving, from the QSDS processing computing system, a verification notification for the QSignedData message.

Abstract: A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices.

Abstract: Methods and systems as described herein may secure the electronic transfer of assets using two-way handshakes. A second device may initialize a transaction by transmitting a transaction request and a second biometric identifier to a first device. The first device may receive the transaction request and review the second biometric identifier. When the first device recognizes the second biometric identifier, the second biometric identifier may be approved. The first device then transmits a response, that includes a first biometric identifier, to the second device, via a server that may record the first device's approval. The second device may confirm the identity of the first device using the first biometric identifier. When the second device approves the first biometric identifier, the second device may transmit an approval to the server. After the server has received approval of both biometric identifiers, the server may execute the requested transaction.

Abstract: Technologies are shown for secure management of a data file secured on a data file management blockchain that involve generating a genesis block for a data file management blockchain that contains a data file to be managed and signing the genesis block to commit the genesis block to the data file management blockchain. One or more transaction data blocks are generated for the data file management blockchain that each include a modification to the data file and the blocks are signed to commit them to the blockchain. In some examples, the modifications describe changes to the data file and the transaction data blocks are traced to the genesis block and a current data file generated by applying the modifications on the transaction data blocks to the data file in a sequence determined by an order of the one or more transaction data blocks in the data file management blockchain.

Abstract: Requests submitted to a computer system are evaluated for compliance with policy to ensure data security. Plaintext and associated data are used as inputs into a cipher to produce ciphertext. Whether a result of decrypting the ciphertext can be provided in response to a request is determined based at least in part on evaluation of a policy that itself is based at least in part on the associated data. Other policies include automatic rotation of keys to prevent keys from being used in enough operations to enable cryptographic attacks intended to determine the keys.

Abstract: A system comprises one or more storage entities (SEs) each configured to store data for applications that rely on higher levels of data integrity, wherein each of the SEs has its own cryptographic identity in the form of a unique root identity key pair of public and private keys created at manufacturing time. Each SE generates one or more SE-specific asymmetric data owner keys upon invocation of a smart contract by a prospective data owner. The system further comprises a distributed ledger provisioned to the SEs and configured to maintain all public keys and/or public key certificates of the SEs. The system also comprises a key manager configured to hold all SE-specific data owner public keys and SE data access control keys, wherein the data stored on the SEs is protected by the SE-specific data access control keys wrapped by the SE-specific data owner keys based on current data ownership.

Abstract: A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.

Abstract: A data protection method includes generating a decryption key acquisition request through a first operation account when encrypted data is received, obtaining the decryption key from a data security area through a second operation account in response that the decryption key acquisition request is an authorized request, using the decryption key to decrypt the encrypted data through the first operation account and obtaining decrypted data, mounting a data partition, and storing the decrypted data in the data partition through the first operation account.

Abstract: There is provided a method for synchronization of node databases in a database system, said database system comprising a plurality of validation nodes each comprising a node database, and, optionally one or more client nodes, where one of the validation nodes is a primary validation node, the primary validation node having received at least one transaction message from another validation node or a client, the transaction message comprising instructions to modify the node databases, where each of the nodes stores, in its node database, a chain of data blocks, where each data block in the block chain comprises at least a cryptographically unambiguous identifier of the previous data block.

Abstract: Provided are a system and method for authenticating a device through an Internet of Things (IoT) cloud by using a hardware security module. The system includes an IoT device connectable to a cloud which provides an IoT service and a security module connected to the IoT device and configured to generate a pair of public and private keys for authenticating the IoT device. The IoT device transmits a certificate generation request including the public key and a device identifier to an authentication server through the cloud in order to generate a device certificate.

Abstract: Techniques disclosed herein encrypt sensitive data being transmitted from one endpoint to another endpoint through intermediary cloud(s) so that the sensitive data is not visible to the intermediary cloud(s). Double data encryption, utilizing public and private key pairs generated at the endpoints, is used to anonymize the sensitive data, while other data transmitted along with the sensitive data remains unencrypted so that intermediary cloud(s) can process the unencrypted data. In a particular embodiment, one of the endpoints is an application running in a first cloud, the other endpoint is a web browser executing a web application, and the intermediary cloud(s) are additional cloud(s) with applications running therein that provide services to the first cloud or coordinate with the application running in the first cloud to provide a service.

Abstract: There are provided a network identity authentication method, a network identity authentication system, a user agent device used in the network identity authentication method and the network identity authentication system, and a computer-readable storage medium. The network identity authentication method includes: acquiring, by a user agent, identity information and a registration rule of a target website via a network terminal; acquiring registration information for the target website based on the identity information or generating registration information for the target website according to the registration rule; transmitting the identity information and the registration information to a server agent and sending, by the server agent based on the identity information and the registration information, an authentication request to a website server to complete an authentication process.

Abstract: Expedition of retrieval of data from a database and loading of the retrieved data in an associated application. A cache table within the database is provided that associates a session identifier (i.e., a data record identifier) with a sequence identifier. As data records are received into the database, a sequencer is triggered that generates a sequence identifier for the data record and an entry is created in the cache table that associates the sequence identifier with the session identifier. Data is retrieved from the database and populated within the application, by (i) accessing the sequencer within the database to determine the last-in-time sequence identifier, (ii) accessing the cache table to determine a range of cache table entries based on the last-in-time sequence identifier, and (iii) retrieving the data records in the applicable data tables based on the associated session identifiers in the cache table entries.

Abstract: The present invention relates to a method of generating a secure RSA key by a server comprising the steps of: •generating (S1) a private RSA key d and a RSA modulus integer N; •splitting (S2) the secret key integer d in j key shares dJ of length n, with j in [1, J], J being an integer, and such that d=d1+d2+ . . . +dJ mod phi(N), with each key share dj being equal to (dj(0) . . . dj(i) . . . dj(n/b?1)) with each key share component dj(i) in {0 . . . 2{circumflex over (?)}b?1} and i in [0, n/b?1], b being an integer inferior to n and phi the Euler's totient function; •encrypting (S3) with a fully homomorphic encryption (FHE) algorithm each key share component dj(i) of the private RSA key d by using a Fully Homomorphic Encryption secret key ps of a set Ss comprising the index couple (i,j), to generate an encrypted key share component edj(i) of said secure RSA key, said set Ss being a set of integer couples, among a predetermined integer number u of disjoint sets {S1, S2 Ss, Ss+1, . . .

Abstract: A system and method is disclosed for assuring that networked communications between parties playing a game on a network (e.g., the Internet) are not tampered with by either of the parties for illicitly gaining an advantage over the other party. An initial sequence of tokens (e.g., card representations) for playing the game are doubly encrypted using an encryption key from each of the parties. Accordingly, during play of the game neither party can modify the initial sequence of game tokens during the game. At termination of the game, at least one of the parties can fully decrypt the initial sequence of tokens, and thereby, if desired, compare the played token sequence with the corresponding the initial token sequence.

Abstract: A first request to perform an entity resolution operation is received from a first client. The first request is related to a first record uploaded by the first client. The first record has one or more first attributes. The first record is stored in a secure data store. The first request is transmitted to a first program split of a secure multi-party computation. An entity resolution operation is performed by the first program split of the secure multi-party computation and by a third program split of the secure multi-party computation. The entity resolution operation is performed based on the received request. The entity resolution operation is related to the first record and one or more second records uploaded to the secure data store by a second client. The third program split of the secure multi-party computation operates in the secure data store.

Abstract: A digital signature method, a device, and a system of the present invention can generate a partial signature private key T corresponding to a user by a key generation center using a digital signature algorithm based on the EC-Schnorr, and sign a message M by using a standard digital signature algorithm such as the ECDSA. In the calculation of generating the second part w of the partial signature private key T, a signature assignment R is used, and the signature assignment R is a hash digest of a message including at least a pre-signature ? and an ID of a signature side. When signing the message M and verifying the signature of the message M, the operation requiring M as input uses a concatenation of R and M as input. The present invention uses a mechanism to connect two signature algorithms to ensure that the constructed complete algorithm can effectively resist known attacks.

Abstract: An exchange processing system may include multiple exchange components that are respectively included in multiple computing systems. A central exchange component may receive a request to enable access to secured data, the request having identity data encrypted via an identity encryption module and inquiry data encrypted via a first request encryption module. The central exchange component may decrypt the identity data via the identity encryption module, and decrypt the inquiry data via the first request encryption module. Response data may be generated from secured data that is selected based on the identity and inquiry data. The central exchange component may encrypt the response data via a second request encryption module and re-encrypt the identity data via the identity encryption module. The encrypted identity and response data may be provided to a second remote exchange module.

Abstract: An identity of an email-address utilized by a client device is verified. According to one example, a server receives a request for verifying the identity of the email-address and calculates a first verification token, which is transmitted to the email address to be verified. The first verification token is received by the client device, which in response calculates a second verification token. The second verification token is transmitted to the server. The server verifies the identity of the email-address by verifying that the first and second verification tokens are identical. Other examples are disclosed.

Abstract: A method and system for securing in-vehicle ethernet links are disclosed. According to one embodiment, a method comprises receiving from an authenticator, via an insecure channel, a public key of the authenticator, a random number, and a challenge. A private key of the peer that was supplied to the peer is accessed from local storage at the peer. A state machine computes a session key for the peer, based on the random number, the public key of the authenticator, and the private key of the peer. The state machine computes a peer response to the challenge using the session key for the peer and a symmetric cipher function.