Abstract: Systems, apparatuses, and methods related to a computer system having a processor and a main memory storing scrambled data are described. The processor may have a cache, a register, an execution unit, and an unscrambler. The processor can load the scrambled data into the cache; and the unscrambler may convert the scrambled data into unscrambled data just in time for the register or the execution unit during instruction execution. The unscrambled data can be an instruction, an address, or an operand of an instruction. Unscrambling can be performed just before loading the data item in a scrambled form from the cache into the register in an unscrambled form, or after the data item leaves the register in the scrambled form as input to the execution unit in the unscrambled form. The unscrambled data and the scrambled data may have the same set of bits arranged in different orders.

Abstract: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.

Abstract: Provided is a method and apparatus for providing a cryptographic security function for the operation of a device, and to an associated computer program (product). The method for providing a cryptographic security function for the operation of a device carries out the following steps: receiving a request to provide such a security function, providing an interface to a point providing such a security function, said point being called a trust anchor, wherein said interface determines context information in accordance with the application initialing the request, providing the requested security function for the application initiating the request, wherein the determined context information influences the provision of said security function.

Abstract: Disclosed herein is a network encryption method for realizing encryption of a local area network at the bottom layer driver of a network card of an embedded device. By using such method, an encryption protocol is performed on the network card driver, thereby achieving encryption and decryption of all network data in the network card driver within the local area network, and achieving encryption of all data above network linking layer, so as to achieve unified encryption of all data in the local area network, resulting in enhanced safety of transmission of network data. Moreover, since encryption of the network data is performed in the network driver, developers do not need to focus on encryption situation.

Abstract: The present invention enables job log records concerning an image processing apparatus to be managed in such a manner that the job log records can be searched on a server such as a cloud server using attributes and a character string included in an image as the job log records remain encrypted, thereby solving a problem concerning privacy.

Abstract: Methods, apparatus, and articles of manufacture to encode auxiliary data into relational database keys and methods, apparatus, and articles of manufacture to obtain encoded data from relational database keys are disclosed. Example apparatus disclosed herein include a code determiner to divide a relational database key value into a first number of groups. Disclosed example apparatus also includes an encoded data determiner to determine remainders for respective ones of the groups based on corresponding incremental values, and modify the remainders to obtain the encoded data.

Abstract: A single architected instruction to verify a signed message is executed. The executing includes determining a verify function of a plurality of verify functions supported by the instruction to be performed and obtaining input for the instruction. The input includes a message and a key. Based on the verify function to be performed and the input, a signature of the message is verified.

Abstract: Securely matching encrypted entities by receiving data, segmenting the data into a plurality of categories, selecting encryption key(s) according to a data category of the plurality of data categories, encrypting the data of the data category using the encryption key(s), and comparing the encrypted data to previously encrypted data of the data category.

Abstract: A method includes partitioning a received data chunk into first and second data sectors to be stored in respective first and second store units. The method also includes generating first and second random keys. The method further includes encrypting the first data sector with the second random key, and encrypting the second data sector with the first random key. The first and second random keys are encoded with channel codes. Thereafter, the first encoded random key is appended to the first encrypted data sector to obtain first appended data, and the second encoded random key is appended to the second encrypted data sector to obtain second appended data.

Abstract: The disclosure provides a method for evaluating domain name and a server using the same method. The method includes: retrieving a raw domain name and dividing the raw domain name into a plurality of parts; retrieving a specific part of the parts, wherein the specific part include characters; encoding the characters into encoded data; padding the encoded data to a specific length; projecting the encoded data being padded as embedded vectors; sequentially inputting the embedded vectors to a plurality cells of a long short term memory model to generate a result vector; and converting the result vector to a prediction probability via a fully-connected layer and a specific function.

Abstract: A device, system and method for secure collaborations on encrypted data in a hybrid environment of a homomorphic encryption (HE) enabled device and trusted hardware. A set of computations may be divided into a subset of linear computations and a subset of non-linear computations. The linear computations on the encrypted data may be executed using homomorphic encryption (HE) in the homomorphic encryption (HE) enabled device. The non-linear computations on the unencrypted data may be executed in the trusted hardware in an unencrypted domain and encrypting the result. The results of the linear and non-linear computations may be decrypted and merged to generate a result equivalent to executing the set of linear and non-linear computations on the unencrypted data.

Abstract: A parent cryptographic key associated with a blockchain object is obtained. A number of parties (N) to share control over the blockchain object is obtained. N child cryptographic keys are generated based on the parent cryptographic key by applying a predetermined algorithm to the parent cryptographic key, wherein N is an integer greater than or equal to 2, and wherein the N child cryptographic keys are collectively configured to enable reconstruction of the parent cryptographic key.

Abstract: Data for a plurality of entities that can be offered a plurality of products can be obtained. The data can include categorical data and numeric data. Based on business constraints, some of all of the data can be selected. The selected data can be converted to another set of numeric data, wherein the categorical values are converted to numeric values. Dimensions of the converted data can be reduced to generate another set of data. Based on this another set of data, clusters of entities can be formed. The products can be grouped by assigning a unique product identifier of each product to a corresponding cluster. This grouping of products can be used by a predictive model to predict a likelihood of an entity to purchase a particular product in a future time period. Related methods, apparatus, systems, techniques and articles are also described.

Abstract: A wireless communication method and device include: a transmitting device dividing a to-be-transmitted signal into a plurality of packets by using a pre-agreed key; acquiring a preset equivocation threshold; according to the equivocation threshold, determining a power parameter adjustment factor for each of the packets; for each of the packets, performing power adjustment on a signal of the packet according to a power parameter adjustment factor of the packet; and transmitting the to-be-transmitted signal after power adjustment. After receiving the signal, the receiving device groups the signals according to the pre-agreed key, and calculates the power of each packet; determines a test statistic according to the power of each packet, and determines the test statistic whether the quantity is greater than or equal to a preset statistic threshold. If so, it determines that the signal is a tag signal, and if not, that it is a regular signal.

Abstract: This invention is directed to an encryption communication system for preventing leakage of a common key and improving the confidentiality of communication information.

Abstract: Disclosed are a system and method for generating a symmetrically balanced output to accomplish a plurality of predefined properties. The method comprises a step of receiving a plurality of registers with B bits, an expression length, and a plurality of operators through a receiving module. The method then includes a step of generating a random expression population through a random expression population generation module. Further, the method includes the step of computing a fitness value of the random expression population through a fitness function module. The method then includes the step of providing registers with B bits if a plurality of output bits are having an equal number of 1s and 0s through a conditional module. The conditional module performs mutation in the operators if the output bits are not having an equal number of 1s and 0s.

Abstract: The current document is directed to distributed-secure-storage systems, and processes carried out within the distributed-secure-storage systems, that provide for secure storage and retrieval of secrets within distributed computer systems, including private encryption keys used for client authentication during establishment of secure communications channels. The secret-storage systems partition an input secret into multiple secret shares and distribute the secret shares among multiple secret-share-storing node subsystems, without persistently storing the secret itself. An agent within a client device subsequently requests a secret share corresponding to a secret, or a share of data derived from the secret share, from each of the multiple secret-share-storing nodes.

Abstract: Secure generation of an RSA signature of a message to be signed with a private exponent component d of an RSA key (p, q, N, d, e), by obtaining a hashed message, said hashed message being computed by hashing said message with a public hash function H:{0,1}*?Z*N, generating a first part of the RSA signature from said hashed message and said first private exponent component share, generating a second part of the RSA signature from said first part of the RSA signature and said second private exponent component share, determining the RSA signature from said second part of the RSA signature, and wherein the step of generation of a part of the RSA signature from the smaller private exponent component share among the first and second private exponent component shares is performed using a whitebox protection method and the step of generation of a part of the RSA signature from the bigger private exponent component share among the first and second private exponent component shares is performed using lower security req

Abstract: Disclosed herein are methods, systems, and apparatus for performing parallel execution of transactions in a blockchain network.

Abstract: Embodiments are directed to a method for encrypting data communications, including performing a stochastic procedure between a plurality of nodes, including at least a first node and a second node; collecting a measured outcome of the stochastic procedure, the measured outcome of the stochastic procedure providing a dependent random variable pair; and constructing an encryption key based on one or more correlations identified between at least a first random variable and a second random variable, the first and second random variables forming the dependent random variable pair.

Abstract: A method to transpose source data in a processor in response to a vector bit transpose instruction includes specifying, in respective fields of the vector bit transpose instruction, a source register containing the source data and a destination register to store transposed data. The method also includes executing the vector bit transpose instruction by interpreting N×N bits of the source data as a two-dimensional array having N rows and N columns, creating transposed source data by transposing the bits by reversing a row index and a column index for each bit, and storing the transposed source data in the destination register.

Abstract: A method for thinning and connection in linear object extraction from an image and including the following steps: 1. extracting direction features using various sliding windows from the binary image obtained of linear objects. 2. decomposing the binary image into several binary image layers according to the direction features. 3. extracting thinned curves and endpoints of each binary image layer by conducting curve fitting on each connected component using coordinate information. 4. connecting the thinned curves by computing spatial distances between the endpoints belonging to different thinned curves, angles between the tangential direction and connected direction vectors of the connected points. Finally, the road network image is constructed by overlaying image layers with the thinned curves.

Abstract: Techniques for flexibly controlling data uniqueness which are applicable to different types of data that require different data uniqueness control. Control information mapped by a data storage space of a database is determined. The control information and data to be written into the data storage space is combined to obtain a combination result. The techniques of the present disclosure determine whether there is another combination result that is the same as the combination result. The techniques of the present disclosure, in response to determining that there is another combination result that is the same as the combination result, reject to write into the data storage space the data to be written into the data storage space of the database; or modify the another data in the database.

Abstract: A computer system de-identifies data by selecting one or more attributes of a dataset and determining a set of data de-identification techniques associated with each attribute. Each de-identification technique is evaluated with respect to an impact on data privacy and an impact on data utility based on a series of metrics, and a data de-identification technique is recommended for each attribute based on the evaluation. The dataset is de-identified by applying the de-identification technique that is recommended for each attribute. Embodiments of the present invention further include a method and program product for de-identifying data in substantially the same manner described above.

Abstract: A computer system de-identifies data by selecting one or more attributes of a dataset and determining a set of data de-identification techniques associated with each attribute. Each de-identification technique is evaluated with respect to an impact on data privacy and an impact on data utility based on a series of metrics, and a data de-identification technique is recommended for each attribute based on the evaluation. The dataset is de-identified by applying the de-identification technique that is recommended for each attribute. Embodiments of the present invention further include a method and program product for de-identifying data in substantially the same manner described above.

Abstract: This invention is a system and a method to encode an arbitrary digital string, as a sequence of q-bits subsections thereto, and expressing the possible 2{circumflex over (?)}q strings with an alphabet A, comprised of 2{circumflex over (?)}t letters where t<q, using letter repetition. This encoding makes it possible to build any desired security level (up to perfect secrecy) through a single round of transposition. Vulnerability is credibly appraised through probability calculus; computational complexity is avoided, and the user assumes control over the measure of security associated with their transmission.

Abstract: A computer includes a processor and a memory, the memory storing instructions executable by the processor to arrange data collected by a plurality of sequentially arranged emitters in a sensor according to a nonsequential numerical order of the emitters, transmit the nonsequential numerical order to a vehicle computer according to a secure protocol, and transmit the data to the vehicle computer.

Abstract: Systems and methods for enabling constant plaintext space in bootstrapping in fully homomorphic encryption (FHE) are disclosed. A computer-implemented method for producing an encrypted representation of data includes accessing a set of encoded digits. The method includes applying an inverse linear transformation to the set of encoded digits to obtain a first encoded polynomial. The method includes applying a modulus switching and dot product with bootstrapping key to add an error term to each of the encoded digits in the first polynomial to obtain a second encoded polynomial. The method includes applying a linear transformation to the second encoded polynomial to obtain a first batch encryption. The method includes applying digit extraction to the first batch encryption to obtain a second batch encryption, the second batch encryption corresponding to the set of encoded digits without the error term.

Abstract: A mobile payment method includes the steps of making an online purchase at an online store with payment information being received by a web browsing capable device. The web browsing capable device connects to a server and a payment request including a VID is sent to the server. The server verifies the VID. A mobile payment device is connected to the server. A token request is sent to the mobile device upon verification of the VID. A token response is sent to the server. Information is archived to a database and a cookie associated with the VID is created. The cookie with associated VID is archived. A payment response is sent to the web browsing capable device. An authorization request is sent to the online store, and the online store authorizes the transaction with a payment network.

Abstract: An integrated circuit may implement a masked substitution box that includes substitution function components, a decoder, and a logic component. Each of the substitution function components may receive a same input value and a different mask value and may generate a respective output mask value based on the same input value and respective different mask value The decoder may receive an input mask value and generate a decoded output value that is based on the received input mask value. The logic component may select one of the output mask values from one of the substitution function components based on the decoded output value.

Abstract: A system and methods for anonymizing data for distribution on a distributed ledger arrangement is provided. The design includes receiving initial data at a computing device, the initial data relating to an initiating party, removing, at the computing device, personal identifying information from the initial data, thereby creating personal identifying information scrubbed data, anonymizing the personal identifying information scrubbed data on the computing device using DNA processing, thereby creating DNA processed scrubbed data, and providing the DNA processed scrubbed data from the computing device to the distributed ledger arrangement.

Abstract: A data interaction method, a verification terminal, a server, and a system are described. The method includes: receiving, by a verification terminal, identity verification information from a user terminal, the identity verification information being information sent to the user terminal by a server in advance; sending, by the verification terminal, a request instruction to the server, the request instruction including the identity verification information; executing, by the server, an operation corresponding to the request instruction; and sending, by the server, feedback information to the verification terminal.

Abstract: According to one aspect of the present invention, a sensor for diagnosing a physiological or physical state includes a measurement system configured to determine clinical data for one or more parameters related to the physiological or physical state, a first memory configured to store the clinical data, a transmitter configured to transmit the clinical data according to a first communications protocol, a receiver configured to receive enhanced data according to a second communications protocol, and a second memory configured to store the enhanced data. The enhanced data is based on the clinical data.

Abstract: Provided is a method according to one embodiment of the present invention comprising the steps of: (a) a server generating, by means of a hash function, a message digest (MD) of a particular file when a request for authenticating same is obtained; (b) when an MD encoded with a private key of a particular user is obtained, and if (A) information for the MD, which was encoded with the private key of the particular user, decoded with a public key of the particular user matches (B) the MD generated in step (a), then the server registering, in a database, a hash value of the MD encoded with the private key of the particular user and a private key of the server; and (c) the server obtaining a transaction ID.

Abstract: A method for automated authentication of a user VoIP phone supported by a Private Branch eXchange (PBX) configuration server is provided. A VoIP phone or a VoIP supported device is configured for an automated authentication by a vendor. The authentication method does not require manual entry of authentication data by a user. The unique VoIP phone authentication data can be provided by the vendor in a form of a MAC address. Additionally, the vendor can assign a digital certificate (containing public and private encryption keys) signed by the vendor to the VoIP phone. In this case, the VoIP phone vendor serves as a trusted authority. Thus, the VoIP phone automatically connects with the configuration server and the authentication transformation server (ATS) and the address where the VoIP phone sends the authentication data upon connection to the network is determined by the ATS.

Abstract: Disclosed are an elliptic curve point multiplication operation method and apparatus. The elliptic curve point multiplication operation method comprises ordered point multiplication and point addition operations. In a point addition operation process, when scanning that a current bit of a scalar K is not 0, a true point addition operation is executed, and when scanning that the current bit of the scalar K is 0, an equivalent point conversion operation is executed; the result of the true point addition operation and the result of the equivalent point conversion operation are stored in an identical register file, the register file comprising multiple registers. According to the elliptic curve point multiplication operation method and apparatus, side channel analysis and security error attack can be effectively resisted.

Abstract: A method and system for storing and retrieving a packaging hierarchy of traceable physical items includes at an item marking location, marking physical items to be packaged in the packaging hierarchy, with a unique code with a first and second identifier, transferring packaging relationships between the codes to a track and trace system, identifying for each code in the packaging relationships, hierarchical code relations expressed as parent and/or child codes, and for each code, storing the hierarchical code relations in a section of a data storage location of the first computer system, wherein a start position of the section is determined by a combination of the first and second identifiers of the code.

Abstract: A transmission system includes a first security unit coupling to application ends, a second security unit coupling to a user end, and a server. The server sends a first attribute key to the first security unit based on attributes of the application ends and sends a second attribute key to the second security unit based on attributes of the user end. To enable one application end, the first security unit encrypts a session key with the first attribute key, opens a socket, and sends the encrypted session key to the server. When the second security unit receives a request for the application end, the server sends the encrypted session key to the second security unit. The second security unit decrypts the encrypted session key with the second attribute key and connects to the socket. The second security unit interchanges information with the first security unit via the session key.

Abstract: The present disclosure relates to a sparse-coded ambient backscatter communication method and a system. According to the sparse-coded ambient backscatter communication method, in an ambient backscatter system including an access point and a plurality of sensor nodes, each sensor node transmits a code word in a non-orthogonal multiple access (NOMA) manner using sparsity of a signal by a duty cycling operation and the access point detects a superimposed signal transmitted in the NOMA manner by an iterative decoding method in which a dyadic channel and intersymbol interference are reflected. The present disclosure may reduce the implementation cost by reducing the number of impedances required to modulate data of a batteryless sensor node in an Internet of Things environment and utilize the dyadic backscatter channel to detect a signal, thereby providing massive connectivity of the access point.

Abstract: The present disclosure involves a hardware-supported 3D-stacked NVM data compression method and system, involving setting a first identifier to mark a compression state of written-back data, the method at least comprising steps of: dividing the written-back data into a plurality of sub-blocks and acquiring a plurality of first output results through OR operations among the sub-blocks, respectively, or acquiring a plurality of second output results through exclusive OR operations among the sub-blocks, and determining a compression strategy for the written-back data based on the first output results or the second output results; and setting a second identifier to mark a storing means of the written-back data so that the second identifier is in pair with the first identifier, and configuring a storage strategy for the written-back data that includes at least rotating the second identifier.

Abstract: An information handling system includes a memory for storing user data and a processor. The processor is configured to create a key, create a puzzle from the key, publish the puzzle to a ledger; encrypt user data in the memory using the key; retrieve the puzzle from the ledger when a user has lost access to the key; solve the puzzle to recover the key; and decrypt the user data.

Abstract: The present innovative solution solves the problem of generating pseudo-random numbers that have practically infinite period, while requiring limited processing resources and operating significantly faster that known pseudo-random number generators. A sequence of pseudo-random numbers is created by a linear congruential generator using a large seed number and the sequence is used to create a big number. The big number is formed by raising each of at least two pseudo-random numbers and their sum to the same power. The big number is then selectively split into a sequence of aperiodic pseudo-random numbers which are output for use in any suitable application and for seeding the present generator.

Abstract: A device includes a first memory circuit, a second memory circuit and a processing circuit. The memory circuit is configured to store a distinguishable identification (ID). The second memory circuit is configured to store first hash data, wherein the first hash data is generated according to the distinguishable ID. The processing circuit is configured to generate second hash data according to the distinguishable ID when the device is powered on, and to compare the first hash data and the second hash data to determine whether the second hash data matches the first hash data.

Abstract: Disclosed is a method for authenticating a user by using an electronic apparatus including an authentication module and a secure module, which includes the following steps: the authentication module transmits a recognition result to the secure module according to a process that allows the authentication module to be authenticated by the secure module; the secure module generates an authentication token by signing, with a private key stored in the secure module, data including data representing at least one feature of the authentication module; and transmitting the generated authentication token. Also disclosed is an associated secure module, electronic apparatus and system.

Abstract: An iterative calculation is performed on a first number and a second number, while protecting the iterative calculation against side-channel attacks. For each bit of the second number, successively, an iterative calculation routine of the bit of the second number is determined. The determination is made independent of a state of the bit. The determined iterative calculation routine of the bit is executed. A result of the iterative calculation is generated based on a result of the execution of the determined iterative calculation routine of a last bit of the second number.

Abstract: Examples associated with printer encryption are described. One example printer includes a data store to store a one-time pad. An encryption module may encrypt a message using the one-time pad. The encryption module also transmits the encrypted message to a trusted device that stores a copy of the one-time pad. A decryption module uses the one-time pad to decrypt a received message form the trusted device. The decryption module also controls the printer to perform an action based on the received message. A refresh module replaces the one-time pad during a service event.

Abstract: A method for encrypting database data includes generating an encryption key for a first file stored in a data store, wherein a table in a database comprises an entry pointing to the first file. The method includes generating a second file by encrypting the data the first file in the data store using the encryption key without modifying the first file. The method includes, in response to generating the second file, modifying the entry in the table to point to the second file, wherein the modification of the entry is performed atomically. A process for rekeying from the first file to the second file may happen in the background without blocking, interfering, or otherwise obstructing user interaction with a database system.

Abstract: Various systems, mediums, and methods herein describe mechanisms that enable client devices to have access to data based on various address configurations. A smart phone system may be configured to receive a request. The smart phone system may also be configured to determine an address based at least on the request received, where the address provides access to data on a website. The smart phone system may also determine the address based on a receipt of the address generated by a server system. The smart phone system may also determine a timestamp associated with a transfer of the address at a geolocation. The smart phone system may also determine one or more time periods from the timestamp associated with the transfer of the address at the geolocation. The address may provide access to the data on the website during the one or more time periods.

Abstract: A method for securing an instant messaging (“IM”) conversation between at least a first and a second user, the first and second users having a first and a second client, respectively, in communication over a network, the method comprising: receiving a command from the first user through an input device and a graphical user interface (“GUI”) presented on a display of the first client to disable copying of the IM conversation; and, transmitting a message to the second client to inform the second client and the second user that copying of the IM conversation has been disabled.

Abstract: A method and a messaging system for providing encoded communication between users of a network. The method includes the steps of encoding and decoding of messages with electronic devices using a default code, providing at least one n-gram to a user, wherein the n-gram includes a sequence of at least two characters, defining a replacement rule by selecting the at least one n-gram and assigning the selected n-gram to at least one replacement code character, and activating the replacement rule by substituting each appearance of the selected n-gram in a first message with the replacement code character.