Abstract: A system and method for encryption of data. The system and method utilizes a cryptographic function that provides asymmetric encryption/decryption and digital signing capabilities that are hardened against cyber attack from quantum computers.

Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Abstract: A system comprises a computer including a processor and a memory. The memory storing instructions executable by the processor to transmit an authentication request to a vehicle computer, receive, from the vehicle computer, a response including data proving that the vehicle computer includes confidential information, wherein the data does not convey the confidential information, determine whether the response is valid based on the authentication request, and transmit a warning to the vehicle computer when the response is not valid.

Abstract: Systems, methods and devices for validating and performing operations on homomorphically encrypted data are described herein. The methods include securely transmitting and extracting information from encrypted data without fully decrypting the data. A data request may include an encrypted portion including a set of confidential data. One or more sets of encrypted comparison data may be then retrieved from a database in response to the data request. The encrypted set of confidential data from the data request is then compared with each set of encrypted comparison data using one or more homomorphic operations to determine which set of encrypted comparison data matches the encrypted set of confidential data. If there is a match, this validates the set of confidential data. An encrypted indicator is then generated indicating success or failure in validating the set of confidential data, which may then be forwarded to a party associated with the data request.

Abstract: This disclosure relates to anonymous transactions based on ring signatures. In one aspect, a method includes receiving a remittance transaction. The remittance transaction is generated by a client device of a remitter by assembling unspent assets in an account corresponding to the remitter and masked assets in an account corresponding to a masked participant. Key images are obtained from a linkable spontaneous anonymous group (LSAG) signature of the remittance transaction. Values of the key-images are based on a private key, a public key, and unspent assets of the remitter. The LSAG signature is verified. The LSAG signature is generated by the client device of the remitter based on the private key and the public key of the remitter, and a second public key of the masked participant. The remittance transaction is executed when a transaction execution condition is met.

Abstract: The invention relates to a method for ensuring the authenticity of at least one value of a device property wherein the device property is a characteristic of a device (6). According to the invention, at least one operating value (14, 16) of at least one dynamic device property is signed using a digital key (20), wherein an operating-dependent digital signature (2) is generated.

Abstract: Functional data for use in one or more digital transactions are secured by using an encapsulated security token (EST). In certain embodiments, the EST is created by encapsulating digital data including the functional data using at least two cryptographic systems of two parties. The encapsulation and subsequent de-encapsulation can utilize cryptographic systems of the parties that involve a private key for signing and decryption and a public key for encryption and signature verification. If constructed carefully over a series of rigorous events, the resulting EST can be practically impossible to counterfeit. In addition, a propagation of rights can be tracked for auditing and rights can be easily terminated or modified.

Abstract: A computational apparatus includes a memory unit and Read-Modify-Write (RMW) logic. The memory unit is configured to hold a data value. The RMW logic, which is coupled to the memory unit, is configured to perform an atomic RMW operation on the data value stored in the memory unit.

Abstract: A computer system module(s) substitutes a double scalar multiplication, used for signature verification in an encryption/decryption system, for two single scalar multiplications. The modules verify a group equation defined by [S]B=R+[k]A? of the encryption/decryption system, where S is an integer characterized by the signature, K is an integer generated by a message being encrypted, B is a base point on the elliptic curve, R is a point on the elliptic curve and characterized by the signature, and A? is a public key. The modules optionally rearrange the group equation to [S]B+[?k]A?=R, and convert it to [S]B+[n?k]A?=R, where n is the order of the base point. The modules determine a joint sparse form for the integers S and n?k and apply the Shamir's algorithm to the joint sparse form to verify the group equation.

Abstract: A value corresponding to an input for a cryptographic operation may be received. The value may blinded by multiplying the value based on an exponentiation of a random number raised to an exponent value that is associated with a public key. A cryptographic operation may be performed based on the blinded value.

Abstract: A data system may dynamically prioritize and ingest data so that, regardless of the memory size of the dataset hosted by the data system, it may process and analyze the hosted dataset in constant time. The system and method may implement a first space-efficient probabilistic data structure on the dataset, wherein the dataset includes a plurality of profile data. It may then receive update data corresponding to some of the plurality of profile data and implement a second space-efficient probabilistic data structure on the dataset including the update data. The system and method may then determine a set of non-shared profile data of the second space-efficient probabilistic data structure and prioritize the set of non-shared profile data of the second space-efficient probabilistic data structure over other profile data of the dataset for caching.

Abstract: A computer-implemented method includes: determining assets held by a remitter, the assets to be spent in a remittance transaction between the remitter and one or more payees, in which each asset corresponds to a respective asset identifier, a respective asset amount, and a respective asset commitment value; determining a remitter pseudo public key and a remitter pseudo private key; determining a cover party pseudo public key, in which the cover party pseudo public key is obtained based on asset commitment values of assets held by the cover party; and generating a linkable ring signature for the remittance transaction.

Abstract: Embodiments described include systems and methods for slogan based sharing of network application objects. The method may include executing a network application on behalf of a client application executed by a first client device. The client application may include an embedded browser. The method may include receiving from the client application a selection of an object of the network application to be shared with a second client device. The method may include selecting a unique sequence of words from a pre-defined list of words, associating the unique sequence of words with the selected object of the network application, transmitting the unique sequence of words to the first client device, and receiving the unique sequence of words from the second client device. The method may include, responsive to receipt of the unique sequence of words from the second client device, accessing the selected object of the network application.

Abstract: A communication device for communication with a network device during EAP-AKA?. The communication device is operative to receive a first Perfect Forward Secrecy, PFS, parameter value and at least one attribute value indicating a choice of a Diffie-Hellman group from the network device. The communication device is also operative to receive a cipher key, CK, and an integrity key, IK. Generate a modified cipher key, CK?, and a modified integrity key, IK? based on CK, IK and an access network identity. Operations include calculating a second PFS parameter value. Send the second PFS parameter value to the network device. Calculate a third PFS parameter value. Derive, using a Pseudo-random function, a key based on the third PFS parameter value, CK?, IK? and an identity associated with the communication device. A network device, methods, further communication devices, a server, computer programs and a computer program product are also disclosed.

Abstract: Embodiments of the invention provide enhanced security solutions which are enforced through the use of cryptographic techniques. It is suited for, but not limited to, use with blockchain technologies such as the Bitcoin blockchain. Methods and devices for generating an elliptic curve digital signature algorithm signature (r, w) are described.

Abstract: A server receives a corresponding data value encrypted using a common threshold public key from each of a plurality of clients. The server distributes the received data values to the clients for evaluating comparison of values. The server receives the encrypted comparison results from each of the clients in response to the distribution of the received encrypted data values. The comparison results are encrypted using the common key. The server homomorphically determines a ciphertext encrypting the rank of each client's data value using the comparison results. Further, the server can compute a ciphertext encrypting the median of the datasets. Thereafter, the server can initiate a threshold decryption to generate a final result.

Abstract: According to one or more embodiments of the present invention, a computer implemented method includes computing a hash value of a page of memory of a computer system and comparing the hash value with a previously computed hash value of the page. A per-encryption value per page can be used in encrypting the page based on determining that the hash value matches the previously computed hash value. A modified value of the per-encryption value per page can be used in encrypting the page based on determining that the hash value mismatches the previously computed hash value.

Abstract: Methods and apparatus for code-based asymmetric cryptosystem using Quasi-Cyclic Moderate-Density Parity-Check (QC-MDPC) error correcting codes. Specifically, the method and apparatus generalizes the framework of (QC-MDPC) Code-Based (CB) cryptography from the binary domain (Galois Field of two elements) to an arbitrary size of Galois Field and provides an apparatus for implementing the cryptosystem with a simplified computational complexity of key generation, encryption, and decryption components of the cryptosystems and reduced sizes of the public and private security keys.

Abstract: Provide herein is a method and system capable of authenticating transactions involving at least one service provider and one or more users who are each in electronic communication. This electronic communication can be, for example, SMS, MMS, e-mail, or online account messaging. It is an aspect of certain embodiments where the transaction is an authentication and/or verification of an entity. Examples of such entities are products, actions and users.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for recovering and verifying a public key. One of the methods includes accepting information encoding parameters of an elliptic curve, a published public key, a hash value of a message, a digital signature, and an identification parameter; generating a recovered public key based on the parameters of the elliptic curve, the hash value of the message, the digital signature, and the identification parameter; comparing the published public key and the recovered public key to verify the published public key.

Abstract: Disclosed is an electronic device for performing code-based encryption supporting integrity verification of a message and an operating method thereof. When a data transmission side encrypts a message through code-based encryption and transmits the encrypted message to a data reception apparatus, the data transmission side is allowed to use a hash value generated based on a part of the message as an error in code-based encryption to support the data reception apparatus to verify an integrity of a received message by using the hash value.

Abstract: Provided are an electronic payment method and an electronic device using identity-based public key cryptography. The electronic payment method includes receiving, from a key management service (KMS) server that stores personal information of a user, a private key of the user generated according to an Identity-based public key cryptography (IDPKC) protocol; encrypting payment information by using a public key of a payment device being generated according to the IDPKC protocol, and encrypting order information by using a public key of a seller device being generated according to the IDPKC protocol; producing, according to the IDPKC protocol, a dual signature of the encrypted payment information and the encrypted order information by using the private key; transmitting a transaction request including the dual-signed payment information and the dual-signed order information to the seller device; and receiving a response to the transaction request from the seller device.

Abstract: A system, method and elliptic curve cryptography scheme using an Edwards-form elliptic curve. The elliptic curve cryptography scheme having a blinding protocol resistant to differential side channel attacks. The elliptic curve defined over field F and having a point P with coordinates located on the elliptic curve. The blinding protocol including: randomly selecting a random element I; and determining coordinates of a blinded point PB by performing a multiplication of a random element I by at least one of the coordinates of point P.

Abstract: Method and apparatus for a system to communicate via perfect forward secrecy. A deterministic hierarchy is used to generate public and private keys, offline, on distinct devices, for use with asymmetrical cryptography over an unsecure medium. Because each private key is not transmitted over the unsecure medium, but must be used to de-encrypt the communications, it is very difficult for man-in-the-middle attacks to de-encrypt the communications. Because each private key is generated according to a deterministic hierarchy, a master entity can recreate the private keys and passively monitor the communications while maintaining perfect forward secrecy.

Abstract: There are provided systems and methods for a card storage handler for tracking of card data storage across service provider platforms. A transaction processor may provide a card storage handler that allows for tracking of data storage across different online platforms utilizing a public key of an asymmetric key pair. A user may utilize a device to generate and store the asymmetric key pair. The device may provide the transaction processor with the public key, and a card storage handler may be generated that tracks card data storage on the different online platforms. When the user enters their card data and public key to a service provider, the service provider may issue an API call using that data to the transaction processor. The transaction processor may generate a record of the storage and may allow for encrypted record retrieval by the device using the key pair.

Abstract: Disclosed is a device and method to secure PUF information for authorized entities. In one embodiment, a device for securing physically unclonable function (PUF) information includes: a PUF information generator, comprising a PUF cell array and a helper data generator, configured to generate the PUF information, wherein the PUF information comprises a PUF response and helper data; and a PUF information encrypter, comprising a memory unit and a first crypto-system, configured to store at least one public key and encrypt the PUF information from the PUF information generator using one of the at least one public key.

Abstract: Managing passwords is provided. A machine training process is performed using a set of existing passwords to train a machine learning component. Members of a set of semantic categories are used to categorize respective passwords in the set of existing passwords. Password strengths corresponding to a set of candidate passwords are evaluated using the machine learning component. A resource is secured with a candidate password having a password strength greater than or equal to a defined password strength threshold level.

Abstract: A system and methods include a negative certificate authority for distributed management of negative certificates. An authorization restriction is associated with an untrusted user. A negative certificate generated for the untrusted user includes a public key associated with the untrusted user and an authorization restriction. The authorization restriction includes at least one global restriction, which is applicable to each consortium member that subscribes to the negative certificate. The authorization restriction includes at least one local restriction, which allows individual consortium members to further define their own locally applicable restrictions using the negative certificate authority. The negative certificate is accessible to each member of the consortium to enforce the authorization restriction against a transaction request. A secure contributor record including a unique cryptographically generated address is generated for each contributor.

Abstract: A method of transmitting a message via a blockchain network is provided. A method may include encrypting, via a first identity-based encryption (IBE) function, a message to generate a ciphertext. The method may further include transmitting the ciphertext to each node of a plurality of nodes in a blockchain network. Further, the method may include decrypting, via a second IBE function, the ciphertext at each node of the plurality of nodes in the blockchain network after at least one condition is met.

Abstract: Systems and methods for secure electronic data transfer utilizing an ephemeral key for encryption and decryption of data.

Abstract: A device for securely operating a field device includes: the field device, which includes at least one human-machine interface having a display device and a keyboard for operating the field device, and a communications interface for connecting a local operating device having a secure connection to a trusted server via a communications network, the secure connection being based upon an authentication feature of a local operator. The field device during use as intended does not have a secure connection to a network for process control. The field device provides and stores a query key. The field device is connected, at least logically, to the local operating device. The trusted server has a private key for providing a signed response key. The signed response key is based upon the query key.

Abstract: A secure computation technique of calculating a polynomial in a shorter calculation time is provided. A secure computation system generates concealed text [[u]] of u, which is the result of magnitude comparison between a value x and a random number r, from concealed text [[x]] by using concealed text [[r]]; generates concealed text [[c]] of a mask c from the concealed text [[x]], [[r]], and [[u]]; reconstructs the mask c from the concealed text [[c]]; calculates, for i=0, . . . , n, a coefficient bi from an order n, coefficients a0, a1, . . . , an, and the mask c; generates, for i=1, . . . , n, concealed text [[si]] of a selected value si, which is determined in accordance with the result u of magnitude comparison, from the concealed text; [[u]]; and calculates a linear combination b0+b1[[s1]]+ . . . +bn[[sn]] of the coefficient bi and the concealed text [[si]] as concealed text [[a0+a1x1+ . . . +anxn]].

Abstract: An Integrated Circuit (IC) includes an on-chip non-volatile memory (NVM) and an on-chip processor. The on-chip NVM is configured to store a representation of a device-specific part of a security certificate assigned to the IC. The on-chip processor is configured to obtain a common part of the security certificate, to reconstruct the security certificate from the obtained common part and from the representation of the device-specific part stored in the on-chip NVM, and to perform a security operation using the reconstructed security certificate.

Abstract: There is provided an elliptic curve cryptographic scheme for permitting secure communications between two or more cryptographic correspondent devices, with a simple side-channel attack countermeasure. The cryptographic scheme includes: transforming a point to Jacobian projective coordinates; constant-time scalar multiplication of the point by a parameter; and transforming the resultant of the scalar multiplication to affine coordinates. The scalar multiplication including: performing iteratively to the value of the parameter either one of: doubling of the point and multiplying any two random field elements; or mixed addition of the point.

Abstract: Identity systems, methods, and media for auditing and notifying users concerning verifiable claims are provided.

Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.

Abstract: Application information is received by a client and from a server, and the application information includes an application identifier corresponding to a digital certificate application request transmitted by the client to the server. The application information is delivered to a secure element associated with the client by the client. A public and private key pair are generated by the secure element. The application identifier is signed using the private key to generate terminal signature data. Specified format data is generated by encapsulating the terminal signature data and the public key into the specified format data. The specified format data is transmitted from the secure element to the client. The specified format data is transmitted by the client to the server.

Abstract: Application information is received by a client and from a server, and the application information includes an application identifier corresponding to a digital certificate application request transmitted by the client to the server. The application information is delivered to a secure element associated with the client by the client. A public and private key pair are generated by the secure element. The application identifier is signed using the private key to generate terminal signature data. Specified format data is generated by encapsulating the terminal signature data and the public key into the specified format data. The specified format data is transmitted from the secure element to the client. The specified format data is transmitted by the client to the server.

Abstract: A secure storage module of a client device interacts with a set of secure storage servers to securely store data items of the client on the servers, such that no individual server has the data in readable (non-obfuscated) form. Additionally, the client secure storage module and the servers interact to allow the client device to read a given portion of the original data items from the servers, such that none of the servers can determine which portion of the original data is being requested. Similarly, the interactions of the client secure storage module and the servers allows the client device to update a given portion of the original data on the servers to a new value, such that none of the servers can determine which portion is being updated and that none of the servers can determine either the prior value or new value or the difference between the new value and the prior value.

Abstract: Provided is a PUF by which an identification key is generated according to a random event caused by a semiconductor process variation. The PUF can provide the identification key as a result of electrical differences among elements. According to one embodiment, the PUF can accumulate the electrical differences and/or instantaneous values without generating the identification key by using the instantaneous values caused by the electrical differences. The accumulation may be the accumulation of a discrete iteration and the result thereof. However, according to another embodiment, the accumulation may be a continuation of the accumulation result during time intervals.

Abstract: A system includes a processing device and memory device to provide a data set to an artificial intelligence filter trained to detect sensitive data based on sensitive data rules and detect one or more sensitive data values in the data set. The one or more sensitive data values are replaced with one or more substitute values in the data set, and the data set is associated with a key value. The data set is sent with the one or more substitute values to a third-party service to obtain a result. The key value associated with the result is identified. The one or more sensitive data values associated with the one or more substitute values are determined based on the key value. The one or more substitute values are replaced with the one or more sensitive data values in combination with a portion of the result to create a modified result.

Abstract: A computer-implemented method includes: determining assets held by a remitter, the assets to be spent in a remittance transaction between the remitter and one or more payees, in which each asset corresponds to a respective asset identifier, a respective asset amount, and a respective asset commitment value; determining a remitter pseudo public key and a remitter pseudo private key; determining a cover party pseudo public key, in which the cover party pseudo public key is obtained based on asset commitment values of assets held by the cover party; and generating a linkable ring signature for the remittance transaction.

Abstract: An electronic device is provided. The electronic device includes a communication module, a memory configured to store payment information registered in a payment application, and a processor. The processor is configured to select at least one of a plurality of authentication servers based on the payment information, receive authentication information from the at least one authentication server by using the communication module, select at least one payment information of the payment information registered in the payment application based on a user input, select first authentication information, which corresponds to the selected payment information, from among the authentication information, and send second authentication information, which is generated based on the selected first authentication information, to the at least one authentication server corresponding to the selected first authentication information.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to coordinate and manage secure shipment of a package. An example shipment coordination apparatus includes an address generator and a verification engine. The example apparatus includes a shipping group coordinator to generate a group including a sender and a receiver based on a) a first digital address associated with the sender, b) a second digital address associated with the receiver, and c) at least one encryption key associated with at least one of the first digital address or the second digital address, the shipping group coordinator to initiate delivery instruction and manage receipt confirmation of a package at a second physical address corresponding to the second digital address based on verification of a token identifying the receiver and to provide messaging between the sender and the receiver in the group using a group encryption key to keep messages private in the group.

Abstract: Disclosed are various embodiments for sharing documents among users of an enterprise as well as with users external to an enterprise. A document is identified and document components extracted from the document. A browser representation is generated that, when rendered or interpreted by a browser, causes the browser to generate a user interface that presents at least a portion of the document as the document would be viewed by a native viewer.

Abstract: A network device, which can be disposed in a mesh network, and include a WPS button and a processing circuit. The WPS button may trigger a WPS connection process. The processing circuit may be connected to the WPS button. The processing circuit can determine whether the uplink connection of the network device exists; if the uplink connection of the network device does not exist, the processing circuit can implement an uplink connection process; if the uplink connection of the network device exists, the processing circuit can implement a downlink connection process.

Abstract: Technology is disclosed herein for a timestamped license data structure. In at least one implementation, program instructions stored on one or more computer readable storage media, when executed by a processing system, direct the processing system to at least, responsive to a launch of an application, obtain a license file for the application, the license file comprising a license data structure comprising: a user license; a licensing service signature; a licensing service public key; and a trusted timestamp package. The processing system is also directed to analyze the license data structure using the trusted timestamp package to determine if the licensing service public key was valid when the user license was signed by the licensing service signature if the licensing service public key is invalid. If the licensing service public key was valid when the user license was signed by the licensing service signature: enable features of the application.

Abstract: An intelligent transportation system, ITS, station (600) comprising: a host processor (640); and a memory (664) operably coupled to the host processor (640). The host processor (640) is configured to: perform verification per identity that includes precomputation of data for a plurality of neighbouring ITS stations of the ITS station (600); store precomputation data for the verified identity of the plurality of neighbouring ITS stations in the memory (664); and extract from memory (664) and use the stored precomputation data for a respective neighbouring ITS station to perform an accelerated verification of a subsequent message received from that neighbouring ITS station.

Abstract: An online authentication system allows a user to define their own logic for multistage authentication, which is provided to an online authentication center and stored as encrypted bytecode based on each user's password. Implementation logic can use third party information sources to provide additional authentication options.

Abstract: A computer-readable recording medium records a contract creation program for creating a contract image of a contract executed by parties each having private key.