Abstract: A CRL can be divided into a number of segments. The number of segments into which the CRL is divided can be determined by using a predefined number of serial numbers per segment. The segment in which a particular certificate is included can be determined by application of a consistent hashing algorithm to the serial number of the certificate to determine in which segment the serial number will be found if revoked, thereby increasing the efficiency of determining the revocation status of the certificate. Metadata common to each CRL can be cached on each server and on the remote cache. The segments themselves can be cached in the remote cache. Storing the segments only in the remote cache decreases resource consumption (e.g., amount of memory used in the local cache). Storing the segments in the remote cache enables optimization for locality.

Abstract: A first device may be coupled to a second device over a network. The first device may maintain a first cryptocurrency wallet and may include mining circuitry that generates cryptocurrency rewards for the wallet. The first device may transmit a communications request to the second device. The second device may transmit payment information identifying a second wallet and a selected authentication amount to the first device. The second device may select the authentication amount to perform a desired amount of device connection rate limiting. The first device may generate an authentication transaction for a cryptocurrency network to transfer the authentication amount from the first wallet to the second wallet. The second device may determine whether the authentication transaction has been verified by the cryptocurrency network. In response to determining that the authentication transaction has been verified by the cryptocurrency network, the second device may establish the communication link.

Abstract: A method includes repeatedly charging and discharging a capacitor, where the capacitor is charged based on illumination received at a pixel. The method also includes comparing a voltage stored on the capacitor with a reference voltage using a comparator. The method further includes incrementing or decrementing a first counter value of a first counter each time a comparator output indicates that the capacitor voltage has reached the reference voltage during a first period of time. The method also includes incrementing or decrementing a second counter value of a second counter each time the comparator output indicates that the capacitor voltage has reached the reference voltage during multiple smaller second periods of time within the first period of time. In addition, the method includes resetting the second counter for each second period of time and generating a pixel event indicator in response to the second counter value obtaining a value indicative of a bright intensity event.

Abstract: A system, a computer readable storage medium, and methods for delivering content from a zero-knowledge edge server node in a content delivery network to an end user device, ensuring content control by a content provider (i.e. reduce piracy) while ensuring privacy of an end user device. One method includes publicizing that a particular content is available for download from the server node; initiating with the server node a communication session using a zero-knowledge protocol between the end user device and the server node operating in zero knowledge; downloading, while in the communication session, the particular content from the server node to the end user device; and receiving a response message from the end user device, including an indication of a content media player application, using the particular content, successfully executed at the end user device. The indication can be accompanied by a cryptographically verifiable proof of integrity.

Abstract: Embodiments implement leakage-free order-preserving encryption by assigning a distinct ciphertext for each plaintext, including repeated plaintext whose ciphertext is randomly inserted. In order to conceal insertion order, the randomized ciphertexts are compressed to minimal ciphertext space. A uniform distribution is achieved by rotating about a modulus on the ciphertexts rather than the plaintexts. The resulting ciphertext distribution has no leakage from the ciphertexts—even if an adversary has perfect background knowledge on the distribution of plaintexts. The encryption may be further secured even against passive query monitoring attacks by hiding the access pattern using ?, ?-differential privacy, such that the adversary observing a sequence of queries will not learn the frequency of plaintext. The leakage-free order-preserving encryption may be converted into an adjustable encryption scheme to allow querying (e.g., on a remote server).

Abstract: A method for confidentially querying an encrypted database hosted by a server. The user transmits, to the server, a request including a predicate. The predicate is evaluated in an encrypted manner on different records of the database. The records that satisfy the query are transferred blindly into a container. The container is transmitted to the user who decrypts the content of same. If the container is full, the user sends a continuation request to the server. If this is not the case, the records of the successive containers that have already been decrypted form the response to the request.

Abstract: Embodiments of the present invention provide a persistent integration platform for conducting a multichannel resource transfer. In particular, the system may utilize a multi-step and multilayered authentication process across multiple disparate computing systems to complete the resource transfer process. In some embodiments, the system may utilize a persistent element which may be accessed by the user across multiple devices which aids in the resource transfer. The system may further require the user to authenticate with multiple methods across the multiple devices, which increases the security of the resource transfer process.

Abstract: In accordance with an embodiment, described herein is a system and method for enabling content tethering for a content management system. A content tethering component can receive an indication to link (tether) content items of a content management system to one another, and associates the content items in a hierarchical structure according to the linking. Content items can exist and evolve independently, can be placed under different folder hierarchies, and can be managed by the same or different users. The hierarchical structure can indicate relationships between linked content items, and notify users associated with linked items in response to events (e.g., modifications or deletions) affecting those documents. A security data can be used to determine permissions and privileges for particular users with respect to particular items. In an embodiment, the content tethering component can be provided as a pluggable module for use with existing content management systems.

Abstract: The present invention is an platform and/or agnostic authentication method and system operable to authenticate users, data, documents, device and transactions. Embodiments of the present invention may be operable with any client system. The authentication method and system are operable to disburse unique portions of anonymous login related information amongst multiple devices. These devices and the disburse unique portions of anonymous login information are utilized by the solution to authenticate users, data, documents, device and transactions. Login-related information is not stored in any portion of the solution, users and devices are anonymously authenticated. The solution also permits a user to access secured portions of the client system through a semi-autonomous process and without having to reveal the user's key.

Abstract: Systems and a method for computationally analyzing genetic base pairs are provided. In one or more aspects, a system includes a memory and a processor coupled to the memory. The processor is configured to receive a number of genetic sequences from a genetic sequencer device. The processor can generate, for each genetic sequence, a binary sequence. Each binary sequence is partitioned into a set of binary strings. Each binary string includes multiple binary base pairs. A set of entropy values are determined, each entropy value is associated with a binary string, and an entropy distribution function (EDF) is generated based on the set of entropy values.

Abstract: A vehicle system includes a plurality of electronic control devices respectively includes a first processor configured to control each unit of a vehicle; and a management electronic control device that includes a second processor configured to manage the plurality of electronic control devices, wherein when an encryption key used to verify a message is updated to another encryption key, the second processor transmits a first message that includes a controller area network identifier (CAN-ID) that identifies the message and a second message that includes the another encryption key to a network, and when the CAN-ID of the message included in the first message is a CAN-ID to be processed, the first processor updates the encryption key used to verify the message to the another encryption key included in the second message.

Abstract: Authentication mechanisms are disclosed. For example, an enterprise associated number or a social security number (SSN) can be provided to enter a first level. Then, any one of a ZIP code number, a device identifier, a date of birth, and a portion of the SSN can be provided to access applications in the first level. Lastly, a PIN can be provided to enter a second level of the enterprise. Additionally, these authentication mechanisms can be added and/or changed. In the former case, if a user used a SSN to enter the mentioned first level, then a date of birth can be used to update an authentication mechanism. Alternatively, if a user used an enterprise number to gain such access, then part of the SSN can be used for the update. If the user wants to change the authentication mechanism, the date of birth can be used for the update.

Abstract: This document describes a system and method for configuring a second wireless device to access a wireless network using a first wireless device whereby one-round key exchange protocol is adopted to share the wireless network's configuration data with the second wireless device in an efficient and secure manner.

Abstract: Method for creating a signal for time-stamping of documents (A), comprising the following steps: a) selecting a digitally stored reference document (D1-D3), which is a digital sample of the current state of a certain reference source at a certain first point in time, where the truthfulness of each reference document can be verified by consulting one or several publically available information sources concerning the historic state of said reference source; b) using the reference document as an input values to a one-way function, and calculating the corresponding output value; c) updating the signal based upon the said output value, so that the said output value (P1-P3) is constituted by or can be determined based upon the value of the signal; and d) repeating from a) using another digitally stored reference document which is a sample of the current state of the same or another reference source at a subsequent point in time.

Abstract: A method for a first entity and a second entity to establish a shared secret, wherein the first entity and the second entity each have a respective asymmetric key pair that comprises a public key and a corresponding private key, wherein the method comprises: the first entity generating a protected item of software that comprises a representation of the public key of the first entity and a message generator that is configured to use an authentication key; the first entity providing the protected item of software to the second entity; the second entity executing the protected item of software, said executing comprising the message generator generating a message that represents the public key of the second entity and that comprises authentication data generated using the authentication key so that integrity of the message is verifiable using a verification key corresponding to the authentication key; the first entity obtaining the message from the second entity; in response to a set of one or more conditions bei

Abstract: Preference data is received. The received preference data is compared to stored preference data associated with a user with which the received preference data is associated. A determination is made whether to authorize an action based at least on the comparison. The preference data is received as a selection.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for recovering and verifying a public key. One of the methods includes accepting information encoding parameters of an elliptic curve, a published public key, a hash value of a message, a digital signature, and an identification parameter; generating a recovered public key based on the parameters of the elliptic curve, the hash value of the message, the digital signature, and the identification parameter; comparing the published public key and the recovered public key to verify the published public key.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising: a memory configured to store a user key specific to a particular user or token; software code; a token relating to a second apparatus, the token comprising the user key and the software code, and at least one processing core configured to: participate in an interaction with the second apparatus, the interaction being based at least partly on the token and the user key and the interaction comprising transmitting the token to the second apparatus.

Abstract: A computer-implemented method for performing authentication includes: determining, by a database server storing data in a blockchain ledger, a target ledger segment on which time service authentication is to be performed; generating a Merkle tree corresponding to the target ledger segment; determining a root hash of the Merkle tree, the root hash of the Merkle tree being based on a block hash of each data block in a set of one or more data blocks; executing a predetermined time capture process in a trusted execution environment to obtain a trusted time from an interface provided by a trusted time service organization; generating a digital signature for the trusted time and the root hash in the trusted execution environment; and generating a time service certificate including the trusted time, the root hash, and the digital signature.

Abstract: The invention provides a file storage method, a file search method and a file storage system based on public-key encryption with keyword search. The method comprises: receiving a user file storage request sent from a data possessor, acquiring access control attribute information for access to a user file, security level parameters and a keyword set of the user file, generating a file attribute vector of the user file by means of the access control attribute information and the keyword set, acquiring a public-secret key pair used for encrypting the file attribute vector from a pre-generated key space, encrypting the file attribute vector by means of a public key in the public-secret key pair to obtain a ciphertext corresponding to the file attribute vector, and transmitting the ciphertext corresponding to the file attribute vector and a ciphertext of the user file to a preset storage server.

Abstract: A system and method for implementing an interoperable credential management protocol for processing online transactions. The protocol, referred to as the Partner Key Management (PKM) protocol provides an improved alternative to traditional public key infrastructure (PKI), particularly for use in high-value commercial transactions which require additional controls on the use of credentials for authentication and authorization. According to the PKM protocol, a user may take advantage of credential interoperability by using the same credential at a plurality of different financial institutions for authentication or digital signatures. Additionally, the credential interoperability achieved according to the PKM protocol allows the user to employ the same credential at a plurality of financial institutions for the purpose of digital or electronic signatures.

Abstract: The present invention provides a method and system for verifying and tracking transactional information. In an embodiment of the invention, a system for delivering security solutions is provided that includes at least one of the following: a radio frequency (RF) identification device, an identification mechanism (e.g., a card, sticker), and an RF reader.

Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point , wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

Abstract: A certificated quantum cryptography method is provided. The method is performed by a quantum cryptography server connected to a first communication device and a second communication device which perform quantum key distribution. The method includes step of receiving a first quantum public key generated by the first communication device and a second quantum public key generated by the second communication device and registering measurement outcomes of the first and second quantum public keys. When first basis information and second basis information acquired by performing quantum key distribution between the first and second communication devices are signed and exchanged, the method includes the step of receiving a third quantum public key and a fourth quantum public key.

Abstract: Systems and methods are described for orchestrating a security object, including, for example, defining and storing a plurality of policies in a database coupled to a policy engine and receiving, by the policy engine, the security object and at least one object attribute associated with the security object. In addition, the policy engine determines the acceptability of the security object based, at least in part, on the at least one object attribute and at least one of the plurality of policies corresponding to the at least one object attribute. The security object to at least one communication device associated with the policy engine is distributed when the security object is determined to be acceptable. The at least one communication device establishes communication based, at least in part, on the security object.

Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Abstract: A computer-implemented method for sensing streaming data comprises recursively sampling an input stream of data using overlapping windowing to obtain at least one previous measurement regarding the input data stream, and employing the at least one previous measurement for obtaining a subsequent measurement.

Abstract: Methods are described for constructing a secret key by multiple participants such that any quorum combination of participants can generate a fixed number of key components that can be combined by a recipient to generate the secret key. The methods permit an identical secret key to be generated by a different sized quorum from different participants if required. The keys may be used as private keys for encryption, decryption, digital signatures or authentication tokens and each key is generated from a key index. The circuits used by a quorum of participants for the generation of keys feature nested non-linear devices connected in series with outputs multiplied by stored secret values. Example applications are described including blinded cipher text generation, a multi-signature cryptocurrency system and an encrypted cloud storage system.

Abstract: In systems and methods of managing a document with an authenticated document biosignature, a processor of a verification device may receive an image based on a user selection. The processor may calculate a base verification score associated with a user based on at least one identification input, the identification input including one or more identification features, wherein at least one of the identification features includes a biometric identification feature. The processor of the verification device may generate a glyph based on the selected image, the base verification score and the at least one identification input. The glyph may be associated with a document, and may be used to verify the identity of the user associated with the glyph.

Abstract: The present invention provides a method and system for verifying and tracking identification information. In an embodiment of the invention, a system for delivering security solutions is provided that includes at least one of the following: a radio frequency (RF) identification device, an identification mechanism (e.g., a card, sticker), and an RF reader.

Abstract: A new version of a structured collection of information, different from a previous version, of a cryptographic domain is created. The new version is created to be verifiable as a valid successor to the previous version and to specify a new set of quorum rules, with the new set of quorum rules defining one or more conditions to be fulfilled by a plurality of operators as conditions precedent to update the structured collection. The new version is provided to the plurality of operators. Digital signatures corresponding to the new version are obtained, and, as a result of the digital signatures received fulfilling the one or more conditions defined by a previous set of quorum rules specified by the previous version, the new version is caused to replace the previous version.

Abstract: The present invention provides a method and system for verifying and tracking identification information. In an embodiment of the invention, a system for delivering security solutions is provided that includes at least one of the following: a radio frequency (RF) identification device, an identification mechanism (e.g., a card, sticker), and an RF reader.

Abstract: A system is provided that determines a location of a user based on various criteria. The system may detect the location of a user based on the location of the user's voice and the location of the user's device, as determined using a beacon signal. The system may process data representing the user's voice and device locations using a model to determine a confidence that a user is at a particular location. Based on the determined location, the system may perform various actions.

Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

Abstract: A method (400) of encrypting data at an electronic device (3) where the electronic device is associated with a key device (5). Each device is associated with an asymmetric cryptography pair, each pair including a first private key and a first public key. Respective second private and public keys may be determined based on the first private key, first public key and a deterministic key. A secret may be determined based on the second private and public keys. The data at the electronic device (3) may be encrypted using the determined secret or an encryption key that is based on the secret. Information indicative of the deterministic key may be sent to the key device (5) where the information may be stored.

Abstract: The present invention provides a method and system for verifying and tracking identification information. In an embodiment of the invention, a system for delivering security solutions is provided that includes at least one of the following: a radio frequency (RF) identification device, an identification mechanism (e.g., a card, sticker), and an RF reader.

Abstract: Apparatuses for computing are disclosed herein. In embodiments, an apparatus may include one or more processors, a memory, and a compiler to be operated by the one or more processors to compile a computer program. The compiler may include one or more analyzers to parse and analyze source code of the computer program that generates pointers or de-references pointers. The compiler may also include a code generator coupled to the one or more analyzers to generate executable instructions for the source code of the computer program including insertion of additional encryption or decryption executable instructions into the computer program, based at least in part on a result of the analysis, to authenticate memory access operations of the source code.

Abstract: To encrypt and distribute a message, a processor of a sender device may determine a public key associated with a recipient identifier. The processor may request confirmation of a the recipient identifier from a central authority server. The processor may receive the confirmation of the recipient identifier from the central authority server. The processor may encrypt the message using the public key to form an encrypted message. The processor may distribute the encrypted message. The encrypted message may be decipherable using a private key associated with the recipient identifier and used by a recipient device to securely interact with the distributed blockchain.

Abstract: Systems, methods, and software can be used to write system software on an electronic device. In some aspects, an instruction to write system software on an electronic device is received from a booting device that is different than the electronic device. In response to the instruction, a boot loader on the electronic device is invoked. A password is received from the booting device. Whether the received password matches a high level operating system (HLOS) password stored on the electronic device is determined. If the received password matches the HLOS password, the system software is written on the electronic device. If the received password does not match the HLOS password, the writing of the system software is halted.

Abstract: A destination address is processed to determine if the destination address is a fake web address or hyperlink. The destination address may be compared with a database of known domain names to see if the domain name is legitimate or illegitimate. The designation address may also be compared to other domain names to see if it is an honest or dishonest transformation of the other domain names. Appropriate action may be taken if the designation address is a dishonest transformation of another domain name.

Abstract: An example of a system and method implementing a live migration of a guest on a virtual machine of a host server to a target server is provided. For example, a host server may utilize a flow key to encrypt and decrypt communications with a target server. This flow key may be encrypted using a receive master key, which may result in a receive token. The receive token may be sent to the Network Interface Controller of the host server, which will then encrypt the data packet and forward the information to the target server. Multiple sender schemes may be employed on the host server, and various updates may take place on the target server as a result of the new location of the migrating guest from the host server to the target server.

Abstract: A consent receipt management system is configured to: (1) automatically cause a prior, validly received consent to expire (e.g., in response to a triggering event); and (2) in response to causing the previously received consent to expire, automatically trigger a recapture of consent. In particular embodiments, the system may, for example, be configured to cause a prior, validly received consent to expire in response to one or more triggering events such as: (1) a passage of a particular amount of time since the system received the valid consent (e.g., a particular number of days, weeks, months, etc.); (2) one or more changes to a purpose of the data collection for which consent was received; (3) one or more changes to a privacy policy associated with the consent; (4) one or more changes to one or more rules that govern the collection or demonstration of validly received consent; etc.

Abstract: An example multiply accumulate (MACC) circuit includes a multiply-accumulator having an accumulator output register, a scaler, coupled to the multiply accumulator, and a control circuit coupled to the multiply-accumulator and the scaler. The control circuit is configured to provide control data to the scaler, the control data indicative of: a most-significant bit (MSB) to least significant bit (LSB) range for selecting bit indices from the accumulator output register for implementing a first right shift; a multiplier; and a second right shift.

Abstract: A cryptographic services management engine may provide a single point of interaction for both users and administrators to manage and consume cryptographic services. Such an engine may allow centralized control over cryptography parameters, ensuring enterprise security standards are maintained while abstracting the complexity and potential for error away from users. Automating cryptographic maintenance tasks may avoid outages caused by expired or incorrect certificates, and improve reliability and predictability of critical infrastructure services.

Abstract: The present invention involves with a method of searchable public-key encryption, a system and server using the method.

Abstract: In an ultra-wideband (“UWB”) communication system comprising a pair of UWB transceivers, methods for securely performing channel sounding. In a first GCP Sync method, a pre-determined set of Golay Complementary Pairs is added to an 802.15.4a frame. In a second CLASS method, a cyphered low auto-correlation sum set is added to frame. In a third LCSSS method, a low cross-correlation sidelobe sum set is added to the frame. In general, these methods are adapted to transmit a pseudo-randomly generated codeset which may have inherent sidelobe distortions, and then, in the receiver, to compensate for this, and any channel-induced, distortion by selectively modifing the cross-correlation codeset.

Abstract: This invention discloses a method and apparatus for protecting message sender identity in an instant messaging system. Upon receiving an instant message via the instant messaging system, the system may withhold the identity of the sender while pushing the message to the other users in the communication channel. Identity withholding is controlled by the sender on his or her device. The disassociated message is displayed in a style that is common to users, for example, displaying in the middle, displaying in a common location, or even displaying in random locations on a screen of the message thread. Although someone can take a screenshot of a message, the screenshot does not contain any information that can be used to identify the actual sender of the message. In this case, users may generally rely on the context to appreciate the dynamics and/or flow of the conversation. The invention thus enables information sharing in an instant messaging system without the concern of screenshot.

Abstract: Identity authentication comprises: determining, in response to a request from a first device operated by a source user, that an identity authentication is to be performed for the source user; identifying a target user who is deemed to satisfy at least a preset condition, the target user being a user other than the source user; generating validation information to authenticate identity of the source user; sending the validation information to a second device operated by the target user; receiving a validation response from the first device operated by the source user; and performing identity authentication, including verifying whether the validation response received from the first device operated by the source user matches the validation information sent to the second device.

Abstract: A combination of secure texts of values “a”, “b” and “c” having a relationship c=ab is efficiently generated. A secure text generation part 12 generates secure texts [xi] of xi satisfying xi=f(ki), and secure texts [yi] of yi satisfying yi=g(ki), for i=0, . . . , m. A fragment generation part 13 generates ?i decrypted from [xi]?[ai] and ?i decrypted from [yi]?[bi], for i=1, . . . , m, and calculates [ci]+?i[bi]+?i[ai]+?i?i and generates secure texts [z1], . . . , [zm]; and A random number synthesizing part 14 generates a secure text [z0] using different values k0, . . . , km and secure texts [z1], . . . , [zm].

Abstract: Disclosed is an offline/online signature system including a key distribution center (KDC) and a signature end, wherein the KDC includes a key generating module, an offline signature module, and a verification module; and the signature end includes an online signature module and a verification module. The key generating module generates a temporary signature required for online signature, and transmits the result to a sensor node for storage. The online signature module generates a signature for a specific message; and the verification module includes a processor and a public key transformation component, wherein the processor transmits the signature to the public key transformation component and determines whether the signature is valid.