Abstract: Various embodiments relate to a method of hashing a message M using a block cipher, including: producing N block cipher inputs by XORing message indices i, . . . i+N?1 respectively with state values S0, . . . SN?1, wherein N is an integer greater than 1; producing N block cipher keys by XORing N different blocks of message M and at least one of state values S0, . . . SN?1 for each of the N block cipher keys; encrypting the N block cipher inputs using the respective N block cipher keys to produce N block cipher outputs; combining the N block cipher outputs with N block cipher inputs to produce N block cipher combined outputs Tt, for t=0, . . . , N?1; calculating Y0=T0; calculating Yt=Yt?1?Tt, for t=1, . . . , N?1, calculating SN?1?=YN?1<<<a, where a is a number of bits to rotate where S0?, . . . , SN?1? are new state values; and calculating St?=Yt?SN?1?, for t=0, . . . , N?2.

Abstract: An access control system and associated devices are described that conceal and securitize data transmissions between one or more secure databases for various user devices to ensure proper entrance or access into secure locations by approved personnel only. Specific methods and devices for securing (primarily digital and normally two-way) communications using applications that combine securing communications for wireless/cellular phones with personnel access card readers for entry into secure locations are also described. These combined communication and access devices require using specific encryption techniques that cannot be corrupted and are essential to denying fraudulent or otherwise unauthorized personnel the ability to enter or access security protected devices or locations.

Abstract: The disclosure provides for one or more devices and associated system that securitize and conceal data transmitted to and/or data received from the devices that utilize one or more master keys comprising at least one device that conceals and reveals such that the data and/or associated data files utilize both master keys and one or more key selectors, wherein the master keys and key selectors produce a specific set of one or more keys that conceal the data and/or associated data files such that one or more key selectors coincide with at least one value that directly corresponds with created cipher data and/or cipher data files. The key selectors can also be concealed and revealed as required. Produced concealed data and concealed data files can only be concealed and revealed with one or more master keys and one or more key selectors.

Abstract: A method of computing a message authentication code (MAC) for a message having a common part and an independent part using a constrained processor, including: performing a MAC function on the common part of the message using a first secret key to produce a first output; performing a pseudorandom function on the independent part of the message using a second key to produce a second output, wherein the computation time of the pseudorandom function is significantly less than the computation time of the MAC function; and combining the first output and the second output to produce a computed MAC for the message.

Abstract: One more devices and/or access control systems are described that securitize data and data transmissions using three sets of computing operations including authentication, validation, and securitization that allows or denies access to the data and/or the data transmissions. The system includes securitization of signals between one or more secure master and/or partial DASA databases for various user devices. Specific methods and devices for securing (primarily digital and normally two-way) communications using applications that offer the combination of securing communications from user devices with reader devices, are also is provided.

Abstract: Efficient instantiation of encrypted guests is disclosed. In an example, a first host with a first hypervisor is separated from a second host with a second hypervisor by a network. The first hypervisor executes to allocate a requested amount of memory associated with a first guest on the first host. Pages of the requested amount of memory written to by a boot process of the first guest are tracked. The second hypervisor is requested to allocate the requested amount of memory on the second host. All tracked pages written to by the boot process are transferred to the second host. In response to transferring all of the tracked pages, a transfer completion confirmation is sent to the second hypervisor and a second guest that is a migrated copy of the first guest is instantiated on the second host with the transferred pages from the first guest.

Abstract: An access control system with devices that securitize one or more blockchains using three sets of rules including authentication, validation, and access is provided. The system also can include protection of signals between one or more secure DASA databases and/or one or more blockchains for various user devices. The DASA databases may exist external to, along with, or within the blockchains. Specific methods and devices for securing (primarily digital and normally two-way) communications using applications offering the combination of securing communications from user devices with reader devices, are also provided. This disclosure also provides for the securitization and/or encryption of blockchain(s) for ensuring communication signals transmitted from and data residing within databases and/or the blockchain itself are not corruptible or compromised.

Abstract: A noise generation module generates power consumption noise to conceal the power consumption characteristics of a cryptographic module. The cryptographic module performs first non-linear transformation on received data, and the noise generation module performs second non-linear transformation on received data during the operational period of the first non-linear transformation.

Abstract: A device may obtain information included in a corpus of documents relating to an organization. The device may identify a set of values indicating personal information for one or more individuals by using a set of natural language processing (NLP) techniques to analyze the information included in the corpus. The device may determine a set of relationships between one or more values, of the set of values indicating the personal information using one or more additional NLP techniques and/or one or more rules. The device may generate a set of user profiles for the one or more individuals based on the set of relationships between the one or more values indicating the personal information. The device may perform one or more actions associated with using the set of user profiles to service a request for information.

Abstract: In accordance with embodiments of the present disclosure, a management controller configured to provide management-domain management of an information handling system may include a processor and a key management utility embodied in non-transitory computer-readable media. The key management utility may be configured to issue one or more commands to a cryptoprocessor for storing and sealing a key encryption key on the cryptoprocessor, wherein the key encryption key is for decrypting a media encryption key for encrypting and decrypting data stored to a storage resource of a host domain of the information handling system. The key management utility may also be configured to issue one or more commands to the cryptoprocessor for unsealing and retrieving the key encryption key from the cryptoprocessor.

Abstract: Space-efficient key allocations in broadcast encryption systems are provided. In some embodiments, a key bundle is read. The key bundle includes a first cryptographic key, an associated first key identifier, and an associated first cryptographic function identifier. A plurality of encrypted keys is received. Each encrypted key has an associated identifier. A first encrypted key is selected from the plurality of encrypted keys such that the key identifier of the first encrypted is equivalent to the first key identifier. A first cryptographic function is determined corresponding to the first cryptographic function identifier. The first cryptographic function is applied to the first encrypted key using the first cryptographic key to obtain a first intermediate cryptographic key. A content cryptographic key is determined using the first intermediate cryptographic key. The content cryptographic key is adapted for decryption of encrypted content.

Abstract: A communications system, and a method suitable for use therein, are described which are suitable for transmitting and receiving both secure and non-secure data. The system comprises: means for transmitting data comprising both ciphered secure data and unciphered non-secure data; means for receiving transmitted data; means for deciphering the received data to produce deciphered data; and means for: validating the deciphered data to produce a first validation result and outputting the deciphered data depending upon the first validation result; or validating the received data to produce a second validation result and outputting the received data depending upon the second validation result; or validating the deciphered data to produce a first validation result and outputting the deciphered data depending upon the first validation result, and also validating the received data to produce a second validation result and outputting the received data depending upon the second validation result.

Abstract: A method for protecting a vehicle, the method may include providing, by an immobilizer, false error information that is associated with a false error; wherein the false error information, once received or processed by an electronic control unit (ECU) of the vehicle, contributes to an immobilizing the vehicle during a vehicle start process; and sending the false error information to the ECU, during a vehicle shut down process that preceded the vehicle start process.

Abstract: A method of operating a node for performing handover between access networks wherein a user has authenticated for network access in a first access network. The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal. When the user subsequently moves to a second access network, the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network.

Abstract: Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.

Abstract: Systems and methods for a random number generator including a systolic array to receive a plurality of first inputs, and to provide a random number output. In one embodiment, the systolic array can be arranged in two or greater dimensions, and each cell of the array comprises a ring oscillator. Data is read from a random access memory to provide the inputs to the systolic array. A linear feedback shift register receives the random number output as a feedback signal used to address the memory to read data to provide as the inputs to the systolic array.

Abstract: A method for providing a computer program for a computing unit of an electronic device, in particular a control device of a motor vehicle or of a household appliance, wherein the method includes: evaluation of properties of the electronic device relating to a susceptibility to side channel attacks and/or fault attacks, as a result of which an evaluation result is obtained, selection of at least one influencing parameter that has an influence on the susceptibility of the electronic device to side channel attacks and/or fault attacks, in particular as a function of the evaluation result, use of the at least one influencing parameter to diversify the computer program for the computing unit.

Abstract: An authentication system includes a terminal having a transmitter, a processor, and a memory, and a server having a receiver, a processor and a memory. The terminal transmits request information to the server. The terminal acquires time information, generates a first one-time password at a pre-determined cycle by using the time information within the terminal, and generates encryption information which is acquired by encrypting the request information using the first one-time password as a key, the encryption information being transmitted from the terminal to the server. The server acquires time information within the server, generates a second one-time password at the pre-determined cycle as the cycle within the terminal by using the time information within the server, generates reference information which is acquired by decoding the encryption information using the second one-time password as a key, and compares the request information with the reference information.

Abstract: Systems and methods for performing cryptographic data processing operations in a manner resistant to external monitoring attacks. An example method may comprise: executing, by a processing device, a first data manipulation instruction, the first data manipulation instruction affecting an internal state of the processing device; executing a second data manipulation instruction, the second data manipulation instruction interacting with said internal state; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by executing a third data manipulation instruction utilizing an unpredictable data item.

Abstract: The Advanced Encryption Standard (AES) cipher can be performed in a manner that preserves the secrecy of cryptographic keys, even under the intense scrutiny of a reverse-engineer observing every aspect of the computation. A method can include loading a key in a non-standard representation. The method can also include processing the key with respect to data in at least three first type rounds and a plurality of second type rounds. The processing the key with respect to data can include either encrypting the data using the key or decrypting the data using the key. The first type rounds can be configured to maintain an order of channels of bits at an output from the order of corresponding channels of bits at an input. The second type rounds can be configured to vary the order of channels of bits at an output from the order of corresponding channels of bits at an input.

Abstract: Aspects of the disclosure relate to a system and method for cryptographically protecting data transferred between spatially distributed computing devices. An intermediary database may be used to facilitate the protected data transfer and/or record the data transfers. A first computing device may transfer, to the intermediary database, encrypted data that may be securely transferred to other computing devices. A second computing device may generate a GUI used to view data available from the intermediary database. Once data is selected by the second device, the second device may transfer a key (or other encryption mechanism) to the first device. The first computing device may encrypt the data using the received key and transmit the encrypted data to the intermediary database. The intermediary database may transmit the encrypted data to the second computing device, and the second computing device may decrypt and use the data.

Abstract: Systems, devices, and methods are described for allowing a first device to learn how to connect to a first network using information that a second device obtained about a second network that is related to the first network. The second device can perform a virtual network discovery of the first network on behalf of the first device. The second device can describe how to initiate one or more connections to the first network by modifying the information the second device obtained about the second network. The second device can send the information identifying how to initiate the connections to the first network to the first device. The first device can automatically initiate connections to the first network without requiring user input.

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Abstract: An encryption apparatus includes a table generator configured to generate a key table based on each of a plurality of encryption keys, the plurality of encryption keys having different attributes, generate a key-independent table independent of the plurality of encryption keys, and generate an encryption algorithm based on the key table and the key-independent table; and a transmitter configured to transmit the key table and the key-independent table to a client terminal, wherein the table generator and the transmitter are implemented by using at least one hardware processor.

Abstract: Aspects of the disclosure relate to ensuring information security in data transfers by utilizing proximity keys. A computing platform may receive a data collection comprising one or more data sets to be transferred to one or more remote recipient systems, as well as one or more transfer path specifications defining a specific sequence of hop points via which the data collection is to be transferred. Subsequently, the computing platform may receive, from a quorum of authorization devices, a plurality of authorization keys. Based on validating the plurality of authorization keys, the computing platform may encrypt the data collection using the plurality of authorization keys. Then, the computing platform may send the encrypted data collection to a first hop point associated with the specific sequence of hop points defined by the one or more transfer path specifications, so as to initiate a transfer of the data collection to a decryption platform.

Abstract: There is provided an encryption device including a data encryption unit configured to conduct encryption on the basis of a white box model in which at least a part of a plurality of round functions for sequentially conducting encryption processing on an input value is tabulated, and input and output values of the round function are recognizable from an outside. The plurality of round functions each have an encryption function that is tabulated and encrypts an input value in a black box model in which input and output values are recognizable from the outside and an intermediate value is not recognizable from the outside.

Abstract: A method for serving node establishment includes sending, by a network device, information about a micro network time-frequency resource pool to a terminal; and sending measurement configuration information to the terminal. The measurement configuration information instructs the terminal to serve, when the terminal determines that the terminal meets a preset condition of a first measurement event, as a first serving node to send exclusive information of the first serving node on a first time-frequency resource in the micro network time-frequency resource pool according to the information about the micro network time-frequency resource pool, and the first measurement event is any one of the at least one measurement event.

Abstract: In a computer implemented method for generating a random seed with high entropy as an entropy source a machine instruction ‘compare-and-swap’ -CAS- is used to calculate a random seed.

Abstract: Temporal key generation devices and methods are described. One such device of a first domain receives a “seed” to generate a private key associated with a public key for use in a second domain. The device uses the private key in cryptographic operations with the second domain. When the device loses power or is no longer connected to the second domain, the private key may be erased or no longer stored on the device.

Abstract: The disclosure provides for one or more devices and associated system that securitize and conceal data transmitted to and/or data received from the devices that utilize one or more master keys comprising at least one device that conceals and reveals such that the data and/or associated data files utilize both master keys and one or more key selectors, wherein the master keys and key selectors produce a specific set of one or more keys that conceal the data and/or associated data files such that one or more key selectors coincide with at least one value that directly corresponds with created cipher data and/or cipher data files. The key selectors can also be concealed and revealed as required. Produced concealed data and concealed data files can only be concealed and revealed with one or more master keys and one or more key selectors.

Abstract: An access control system and associated devices are described that conceal and securitize data transmissions between one or more secure databases for various user devices to ensure proper entrance or access into secure locations by approved personnel only. Specific methods and devices for securing (primarily digital and normally two-way) communications using applications that combine securing communications for wireless/cellular phones with personnel access card readers for entry into secure locations are also described. These combined communication and access devices require using specific encryption techniques that cannot be corrupted and are essential to denying fraudulent or otherwise unauthorized personnel the ability to enter or access security protected devices or locations.

Abstract: One more devices and/or access control systems are described that securitize data and data transmissions using three sets of computing operations including authentication, validation, and securitization that allows or denies access to the data and/or the data transmissions. The system includes securitization of signals between one or more secure master and/or partial DASA databases for various user devices. Specific methods and devices for securing (primarily digital and normally two-way) communications using applications that offer the combination of securing communications from user devices with reader devices, are also is provided.

Abstract: The disclosure provides for two or more devices that securitize transmission(s) transmitted to and received from these devices comprising at least one executable coded cipher key(s), at least one executable coded encryption key (ECEK) device that encrypts transmission(s) that uses executable cipher coded key(s), and at least one executable coded decryption key (ECDK) device that decrypts transmission(s) and that also uses at least one executable coded cipher key(s), such that transmission(s) are sent to an encrypter/decrypter memory that stores transmission(s) while the transmission(s) is encrypted and/or decrypted. When encryption/decryption is completed, the transmission(s) is sent to at least one transmitter such that encryption/decryption of the transmission(s) is controlled and manipulated by the executable coded cipher key(s), wherein the executable coded cipher key(s) remain in the computer memory long enough to achieve encryption/decryption completion.

Abstract: An information processing apparatus for encrypting or decrypting data by AES scheme, includes a processor; and a memory storing a first table including mixed components based on exclusive OR of first random components and key data, a second table, and a third table. The processor executes selecting four bytes of sub-round data from the data; a first transformation based on the first table, for each of one-byte data items of the sub-round data, to generate first data by taking exclusive OR of the one-byte data items and the mixed components; a second transformation based on the second table to transform the first data into second data; a third transformation based on the third table to transform the second data into multiple items of third data; calculating exclusive OR of the third data.

Abstract: One feature pertains to methods for generating cryptographic values associated with substitution boxes (S-box). The methods includes first obtaining an input value and a first value. One method includes generating an S-box output value by performing an exclusive OR (XOR) operation on the input value and the first value to generate an intermediate value, and performing a bitwise rotation on the intermediate value by a number of bits equal to the Hamming Weight of the intermediate value. In one aspect, the output of this bitwise rotation is further XOR-ed with a second value. Another method includes generating the S-box output value by performing a bitwise rotation on the input value by a number of bits equal to the Hamming Weight of the input value to generate an intermediate value, and performing an XOR operation on the intermediate value and the first value.

Abstract: A method of encrypting and authenticating messages in a communication system includes generating new keys by receiving a plurality of parameters including at least one of an initial key, a nonce, a sequence number, and a previous key. The method may include applying a mix function to generate a subsequent key based on the plurality of parameters for key rolling. The method may include encrypting and authenticating data using different subsequent keys.

Abstract: A data processing apparatus that encrypts or decrypts data by Advanced Encryption Standard in which a plurality of key data are respectively prepared for a plurality of round processes that are performed in order, includes a selector that selects sub-round data of 4 bytes from input data that is a process target of a first round process; a converter that converts each data of 1 byte of the sub-round data, based on a first table by which a result same as performing a predetermined process is output, to generate converted data of 4 bytes; and an exclusive OR calculator that calculates exclusive OR of the converted data of the sub-round data, respectively, the predetermined process including an encryption process or a decryption process using at least a part of key data prepared for a second round process which is performed later than the first round process.

Abstract: Instructions and logic provide secure cipher hashing algorithm round functionality. Some embodiments include a processor comprising: a decode stage to decode an instruction for a secure cipher hashing algorithm, the first instruction specifying a source data, and one or more key operands. Processor execution units, are responsive to the decoded instruction, to perform one or more secure cipher hashing algorithm round iterations upon the source data, using the one or more key operands, and store a result of the instruction in a destination register. One embodiment of the instruction specifies a secure cipher hashing algorithm round iteration using a Feistel cipher algorithm such as DES or TDES. In one embodiment a result of the instruction may be used in generating a resource assignment from a request for load balancing requests across the set of processing resources.

Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.

Abstract: A method can include receiving a request from a requestor to a given resource, which requestor is registered to access a set of one or more resources. The request includes a ticket that includes signature data generated by an authenticating entity in response to authenticating the requestor. The signature data may be decrypted to provide a decrypted signature. The ticket may be validated in response to the request based on evaluating the decrypted signature. A response can be provided to the requestor based on the validation, and the response can grant the requestor access to the given resource if the validation determines the ticket to be authentic and authorized for the given resource or the response can deny the requestor access to the given resource if the validation determines to reject the ticket.

Abstract: Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.

Abstract: A method of implementing a method of mapping an input message to an output message by a keyed cryptographic operation, wherein the keyed cryptographic operation includes a plurality of rounds using a Feistel network, including: receiving an input having a first half and a second half; performing, by a basic block, a portion of a round function on the second half to produce a portion of an encoded output, and wherein the basic block provides a portion of the second half as a portion of an encoded first input to a next round; and XORing the portion of the encoded output and a portion the first half to produce a portion of an encoded second input to the next round.

Abstract: Methods, systems and apparatus for securing credential distribution are disclosed. One method includes receiving notification from a credential management system that a wireless device is associated with an authenticated user of the credential management system. The method further includes receiving the private network credentials of the authenticated user, storing the private network credentials and the identifier of the wireless device, receiving an authentication request from a router, returning a response to the authentication request to the router, wherein the response includes internet domains and connection bandwidths the wireless device is allowed to use, authenticating the wireless device, ensuring that the wireless device is authorized to receive private network credentials; and distributing, by the cloud system, the private network credentials to the wireless device, thereby allowing the wireless device to obtain local network access with the private network credentials.

Abstract: The present invention makes it possible, in encrypted data verification, to avoid the leaking of information related to the original plaintext, thereby ensuring safety. The system of the present invention is provided with: means (103 in FIG. 1) for generating first and second auxiliary data for verifying whether or not the Hamming distance of a plaintext between a first encrypted data in which input data is encrypted and is recorded in a storage device, and a second encrypted data obtained by encrypting input data of a target to be checked is equal to or less than a predetermined value; and means (402 and 403 in FIG. 1) for taking the difference between the first encrypted data recorded in the storage device, and the second encrypted data, and determining, using the first and second auxiliary data, whether or not the Hamming distance of the plaintext corresponding to the difference between the first encrypted data and the second encrypted data is equal to or less than the predetermined value.

Abstract: A system and method for using mixing functions to generate and manipulate authentication keys based on the data being decrypted to mitigate the effect of side channel attacks based on differential power analysis (DPA). The mixing function may be based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations.

Abstract: Customer content is securely loaded on a field programmable gate array (FPGA) located on a secure cryptography card. The customer content is loaded such that it may not be extracted. A customer obtains a secure cryptography card that includes a field programmable gate array and a master key generated by the secure cryptography card. The customer loads customer specific content on the field programmable gate array, wherein, based on the loading, the customer specific content is secure from extraction via the master key by at least entities other than the customer.

Abstract: Electronic logic gates that operate using N logic state levels, where N is greater than 2, and methods of operating such gates. The electronic logic gates operate according to truth tables. At least two input signals each having a logic state that can range over more than two logic states are provided to the logic gates. The logic gates each provide an output signal that can have one of N logic states. Examples of gates described include NAND/NAND gates having two inputs A and B and NAND/NAND gates having three inputs A, B, and C, where A, B and C can take any of four logic states. Systems using such gates are described, and their operation illustrated. Optical logic gates that operate using N logic state levels are also described.

Abstract: A symmetrical iterated block encryption method includes: a bitwise XOR combination of a predetermined data word of a predetermined block with a predetermined data word of a predetermined round key; and a bitwise XOR combination of the predetermined data word with at least one other predetermined data word.

Abstract: Methods and apparatus are disclosed to monitor impressions of social media messages. An example method includes receiving at a server a request for media, the request addressed to a uniform resource locator, the request corresponding to a social media message to be presented with the media, and the request including a user identifier. The method also includes crediting the social media message with an impression based on the request being addressed to the uniform resource locator. The method also includes identifying that the impression corresponds to an original intended recipient of the social media message based on the user identifier matching a second user identifier stored in a list of subscribers that subscribe to receive messages from an original sender of the social media message.

Abstract: A method of implementing a cryptographic operation using a substitution box, comprising: specifying a set of self-equivalent functions for the substitution box; determining the minimum diversification number of the substitution box over the set of self-equivalent functions; comparing the minimum diversification number to a threshold value; including and implementing a cryptographic operation with selected substitution box when the minimum diversification number is greater or equal to a threshold value.